Well, that's the magic in it. You never see the url with WEB-INF. Since we are using a "forward" and not a "redirect", the control thread can go anywhere (its not a request from the browser).
This forces the user to interact with your web app by using *ONLY* the actions you've defined. They can now no longer call a jsp directly (whether it would have given an error or not) I'll send it to you personally. If anyone else would like a copy, just let me know James Mitchell Software Engineer\Struts Evangelist [EMAIL PROTECTED] > -----Original Message----- > From: Adam Hardy [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 04, 2002 4:27 PM > To: [EMAIL PROTECTED] > Subject: Re: Handling check for logged-inness using a tag? > > > That would be grand. I'm just having problems visualising a URL to a jsp > in WEB-INF. > > Thanks > Adam > > James Mitchell wrote: > > >I've modified the struts-example to do this. > > > >Would you care for a copy of the zip? > > > >James Mitchell > >Software Engineer\Struts Evangelist > > > > > > > > > >>-----Original Message----- > >>From: Adam Hardy [mailto:[EMAIL PROTECTED]] > >>Sent: Monday, June 03, 2002 4:00 PM > >>To: Struts Users Mailing List > >>Subject: Re: Handling check for logged-inness using a tag? > >> > >> > >>What does the forward to a jsp that's in the WEB-INF look like? > >> > >>Adam > >> > >>James Mitchell wrote: > >> > >> > >> > >>>Assuming that the location of the jsp were decided for you, I > would think > >>>that you wouldn't want anyone hitting a 'struts-ified' jsp > regardless of > >>>authentication. I think these are separate issues. > >>> > >>>I know with the QA at my last job, they would try just about > >>> > >>> > >>anything to get > >> > >> > >>>a stack trace in the browser. I think they prided themselves > on how many > >>>bugs they could log against us. Almost they acted as if they were paid > >>>bonus' for logged defects. > >>> > >>>Personally, I don't like the idea of adding unnecessary tags in my jsp, > >>>especially if it does functionality that could/should be in the action > >>>class. Ultimately, its up to you, that's what makes Struts so awesome. > >>> > >>>James Mitchell > >>>Software Engineer\Struts Evangelist > >>> > >>> > >>> > >>> > >>> > >>> > >>>>-----Original Message----- > >>>>From: Rick Reumann [mailto:[EMAIL PROTECTED]] > >>>>Sent: Sunday, June 02, 2002 2:43 PM > >>>>To: Struts Users Mailing List > >>>>Subject: Handling check for logged-inness using a tag? > >>>> > >>>> > >>>>If you aren't going to put your JSPs inside the WEB-INF layer, would > >>>>it be a good idea to do the check for a user being logged in by a > >>>>simple tag at the top of each JSP? This way at least if someone tries > >>>>to type in a url to a jsp they would be redirected to log in? > >>>> > >>>>-- > >>>> > >>>>Rick > >>>> > >>>>mailto:[EMAIL PROTECTED] > >>>> > >>>> > >>>>-- > >>>>To unsubscribe, e-mail: > >>>><mailto:[EMAIL PROTECTED]> > >>>>For additional commands, e-mail: > >>>><mailto:[EMAIL PROTECTED]> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>-- > >>>To unsubscribe, e-mail: > >>> > >>> > ><mailto:[EMAIL PROTECTED]> > > > > > >>For additional commands, e-mail: > >> > >> > ><mailto:[EMAIL PROTECTED]> > > > > > >> > >> > >> > >> > > > > > > > >-- > >To unsubscribe, e-mail: > ><mailto:[EMAIL PROTECTED]> > >For additional commands, e-mail: > ><mailto:[EMAIL PROTECTED]> > > > > > > > > > > > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
