put the jsps in the Web-inf dir...
I am not sure if it works on all containers, but its in the
JSP/servlet(1.2/2.3) spec (dont know in which one). I know ppl use it when
working with struts, if I recall there is an app in the struts resourse
page, about polls and it does this...
tiago
At 11:35 AM 9/9/2002 +0530, you wrote:
>Hi,
>
>We are using MVC architecture in our project with j2ee 1.2.
>We have a Front Controller which is the only access points for various
>modules.
>This front controller performs all the authentication and authorization
>checks.
>If the user is authorized it gives access to the requested resource (lets
>say a jsp).
>
>Since there are no authentication/authorization checks in the jsp, anybody
>who somehow comes to know of the url of a jsp can access the jsp.
>
>Is there anyway (preferably declarative) to make the jsp's inaccessible
>when accessed directly.
>They should ofcourse still work when request is forwarded from the
>controller servlet.
>
>
>Thanks & Regards
>Rahul
>
>
>To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
>JSP-INTEREST".
>For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
>Some relevant FAQs on JSP/Servlets can be found at:
>
> http://archives.java.sun.com/jsp-interest.html
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.jsp
> http://www.jguru.com/faq/index.jsp
> http://www.jspinsider.com
cya,
Tiago Nodari
www.nodari.org
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://archives.java.sun.com/jsp-interest.html
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.jsp
http://www.jguru.com/faq/index.jsp
http://www.jspinsider.com
