Thanks that works great
jon
|
[EMAIL PROTECTED] 2003-06-30 12:40 PM
|
To: [EMAIL PROTECTED] cc: (bcc: Jon Pallas/EHV/CE/PHILIPS) Subject: Re: [MVC-Programmers] How to stop JSP access Classification:
|
Put all JSPs under WEB-INF.
NO ONE CAN NOW GET TO THEM, only trough action or servlet.
.V
[EMAIL PROTECTED] wrote:
Hi All
What i want to do is make sure that you are logged on before you can access any pages
I have extended the RequestProcessor this works, but the problem is that people can still point to the .JSP pages
Any tips?
Thanks
Jon
protected boolean processPreprocess(HttpServletRequest request, HttpServletResponse response) {
boolean continueProcessing = true;
HttpSession session = request.getSession();
Object user = session.getAttribute(Constants.USER_KEY);
if (user == null) {
ForwardConfig config = appConfig.findForwardConfig("login");
try {
response.sendRedirect(config.getPath());
}
catch (Exception ex) {
log.error("Problem sending redirect from processPreprocess()");
}
}
return continueProcessing;
}
--
Vic Cekvenich,
Struts Instructor,
1-800-917-JAVA
Advanced <a href ="" Training</a> and project recovery in North East.
Open Source <a href ="" Management</a> basicPortal sofware
Best practice<a href ="" Support</a> v.1.1 helper ScafflodingXPress
