Hi, We are using MVC architecture in our project with j2ee 1.2. We have a Front Controller which is the only access points for various modules. This front controller performs all the authentication and authorization checks. If the user is authorized it gives access to the requested resource (lets say a jsp).
Since there are no authentication/authorization checks in the jsp, anybody who somehow comes to know of the url of a jsp can access the jsp. Is there anyway (preferably declarative) to make the jsp's inaccessible when accessed directly. They should ofcourse still work when request is forwarded from the controller servlet. Thanks & Regards Rahul ==========================================================================To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
