Folks,
Is there anything in Tomcat or in the .war file specification to deny
non-forwarded access to a JSP? Where's the appropriate place to do this?
I'm using the MVC, or so-called model 2 approach, where a servlet prepares
and then forwards to a JSP. Users should NOT be able to ask for the JSP,
only the servlet (because the servlet needs to prepare context, check
security, etc.). What's the correct way?
Thanks,
Ben Flaumenhaft
Principal, Sidelight Consulting
http://www.sidelight.com
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
