i'm using weblogic 5.1, which does not allow RequestDispatching to JSPs underneath
WEB-INF. so i'm stuck keeping my JSPs outside WEB-INF. as a result,
i have to secure requests to both JSPs and actions. securing the actions is just a
matter of sub-classing ActionServlet and providing logic to check for
certain secured paths. the problem is i don't want to repeat the logic in the
JSPs--either through a tag library or otherwise. does anyone have any
suggestions as to how best to prevent a situation where a user requests a JSP page
directly when it should have gone through the sub-classed
ActionServlet? i was thinking of just setting a request parameter for each request as
it passes through the ActionServlet. that way, in the JSP i can
just test for that value to determine whether the request went through the proper
channel. if not, i can redirect to an error page.
thoughts? suggestions?
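A sketch of the marker approach described in the post above, added here as an example and not part of the original post. It uses a request attribute rather than a request parameter, because an attribute can only be set by server-side code while a parameter can be supplied by the client in the URL. The class name, attribute name, secured prefix and session key are hypothetical, and extension mapping (e.g. `*.do`) is assumed.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.ActionServlet;

public class GuardedActionServlet extends ActionServlet {

    // Hypothetical attribute name. Request attributes live only on the
    // server side, so a browser cannot supply one in a URL or form post.
    public static final String VIA_CONTROLLER = "app.viaController";

    // Hypothetical secured prefix and session key, for illustration only.
    private static final String SECURED_PREFIX = "/secure/";
    private static final String USER_KEY = "app.user";

    protected void process(HttpServletRequest request,
                           HttpServletResponse response)
            throws IOException, ServletException {
        String path = request.getServletPath();
        if (path != null && path.startsWith(SECURED_PREFIX)
                && !isLoggedIn(request)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Mark the request before Struts forwards it to the JSP.
        request.setAttribute(VIA_CONTROLLER, Boolean.TRUE);
        super.process(request, response);
    }

    private static boolean isLoggedIn(HttpServletRequest request) {
        return request.getSession(false) != null
                && request.getSession(false).getAttribute(USER_KEY) != null;
    }

    // One-line guard for the top of each JSP (class imported in the page):
    //   <% if (!GuardedActionServlet.cameThroughController(request, response)) return; %>
    public static boolean cameThroughController(HttpServletRequest request,
                                                HttpServletResponse response)
            throws IOException {
        if (Boolean.TRUE.equals(request.getAttribute(VIA_CONTROLLER))) {
            return true;
        }
        // Direct request for the JSP: the marker was never set.
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }
}
```

The marker survives a server-side forward only; a forward configured as a redirect starts a new request, which arrives at the JSP without the attribute and is rejected by the guard.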