Hi We ran into a similar problem before & if I remember correct, secure the <url-pattern> in your web.xml properly. The url that you put inside this tag is crucial. In our old struts based application our web.xml went like this :-
<welcome-file-list> | <welcome-file>jsp/welcome.jsp</welcome-file> | </welcome-file-list> | <error-page> | <error-code>500</error-code> | <location>/jsp/error.jsp</location> | </error-page> | <security-constraint> | <web-resource-collection> | <web-resource-name>SecurePages</webresource-name> | <description> | Security constraint testing using custom Jaas Module | </description> | <url-pattern>*.do</url-pattern> | <http-method>POST</http-method> | <http-method>GET</http-method> | </web-resource-collection> So basically anything that goes to Struts Action Servlet is protected. Plus Users are not exposed to the jsp's directly. Even if they book-mark a page, they are redirected to welcome page View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169433#4169433 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4169433 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
