Re: Restricting direct access of jsp's

[Pramod Nair]

I am sure there are better solutions than this, but , one possible way would be to set a request attribute through request.setAttribute() in your controller servlet, before forwarding the request to the view JSP. The JSP could then check the presence of this request attribute to determine whether the request came in from a Controller or through a Direct client access (Clients cant request.setAttribute(), since its a HTTP independent Server side technique)   I'd love to learn some way of doing this declaratively too ...   regards   Pramod Nair     ----- Original Message ----- From: Rahul To: [EMAIL PROTECTED] Sent: Monday, September 09, 2002 6:05 AM Subject: Restricting direct access of jsp's Hi,   We are using MVC architecture in our project with j2ee 1.2. We have a Front Controller which is the only access points for various modules. This front controller performs all the authentication and authorization checks. If the user is authorized it gives access to the requested resource (lets say a jsp).   Since there are no authentication/authorization checks in the jsp, anybody who somehow comes to know of the url of a jsp can access the jsp.   Is there anyway (preferably declarative) to make the jsp's inaccessible when accessed directly. They should ofcourse still work when request is forwarded from the controller servlet.     Thanks & Regards Rahul