Put all JSPs under WEB-INF.
NO ONE CAN NOW GET TO THEM, only trough action or servlet.
.V

[EMAIL PROTECTED] wrote:

Hi All

What i want to do is make sure that you are logged on before you can access any pages

I have extended the RequestProcessor this works,  but the problem is that people can still point to the .JSP pages


Any tips?

Thanks
Jon

protected boolean processPreprocess(HttpServletRequest request, HttpServletResponse response) {
                boolean continueProcessing = true;
                HttpSession session = request.getSession();
                Object user = session.getAttribute(Constants.USER_KEY);
                if (user == null) {
                        ForwardConfig config = appConfig.findForwardConfig("login");
                        try {
                                response.sendRedirect(config.getPath());
                        }
                        catch (Exception ex) {
                                log.error("Problem sending redirect from processPreprocess()");
                        }
                }
                return continueProcessing;
        }

-- 
Vic Cekvenich,
Struts Instructor,
1-800-917-JAVA

Advanced <a href ="">Struts Training</a> and project recovery in North East.
Open Source <a href ="">Content Management</a>  basicPortal sofware
Best practice<a href ="">Struts Support</a> v.1.1 helper ScafflodingXPress

Reply via email to