Just put them behind a protected space that only allows in a certain role
(say, "inaccessible"). Make sure that role doesn't map to any user. The
pages can still be included at runtime via the RequestDispatcher (because it
doesn't pay attention to security constraints). Here's an example from my
web.xml:
<!-- Prohibit direct access to tiles components -->
<security-constraint>
<web-resource-collection>
<web-resource-name>TilesComponents</web-resource-name>
<description>Tiles components</description>
<url-pattern>/tiles-common/*</url-pattern>
<url-pattern>/tiles-layouts/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>inaccessible</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Mark Woon
Sent: Saturday, April 13, 2002 12:05 AM
To: [EMAIL PROTECTED]
Subject: Re: StrutsTiles Design: Model2 and authorization
"Wellie W. Chao" wrote:
> I have the layout tiles and
> common tiles (e.g. nav bars, footers, etc.) protected so that they are
> inaccessible except through a parent tile's RequestDispatcher.
How exactly do you do this?
Thanks,
-Mark
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
