Hi
How can I prevent client form ditect access to any
jsp page. I want all pages to be accessed only after action action process.
Will that work? how will you convince the server it's a jsp page?
surely request dispatcher and the like won't work with this approach?
On Dec 18, 2003, at 8:55 AM, Rickard Öberg wrote:
remigijus wrote:
Hi
How can I prevent client form ditect access to any jsp page. I want
all pages to be
The approach by Rickard doesn't work on some application servers.
So do a test before you decide to move everything.
Cheers,
Mathias
-Original Message-
From: Rickard Öberg [mailto:[EMAIL PROTECTED]
Sent: donderdag 18 december 2003 14:55
To: [EMAIL PROTECTED]
Subject: Re: [OS-webwork]
1. move index.jsp to /WEB-INF/index.jsp
2. configure an action called index (in xwork.xml) that uses the
com.opensymphony.xwork.ActionSupport class (since it just returns
success from execute())
map the success view as a dispatcher type, to /WEB-INF/index.jsp
3. create an empty file called
it certainly does work.
I think that only direct requests for /WEB-INF/** are blocked by the
containers, though when you specifically (programatically) call
rd.include or rd.forward it can do it.
Cameron
Hani Suleiman wrote:
Will that work? how will you convince the server it's a jsp page?
Ok.. I didn't realise that.
One thing that you could do is create a DirectAccessBlockingFilter ;)
The name says it all ;)
You will have to configure this filter to be 'once per request' so that
it only blocks access during the first request dispatch, allowing
subsequent dispatches (from the
so if you call requestDispatcher.forward(request,response) or
requestDispatcher.include(request,response), the filter doesn't get
executed again ?
That is strange, since I though there was a pattern to stop the second
dispatch from executing the filter again.
Cameron.
Hani Suleiman wrote:
Very nice to have such activity.
As I see There is no simple answer. The question I rised only because I
couldn't manage to get access to session component from jsp scriplet.
I thought, maybe it will be easier to do evrything througout the action, and
get access to the component by getting it from
