Please let me know if I have understood it correctly. Just like in the example in the Struts documentation, I map my ActionServlet to *.do. I have a page someform.jsp whose logical name is, say, something.do.
All server-side validations are performed in the corresponding Action class. Now if some user of my page, after viewing the page something.do, opens its HTML source in the browser, he will be able to find a base tag containing the actual address of someform.jsp. Now if the same user copies and pastes this address of someform.jsp into the browser, the request will not go to the ActionServlet, as it only captures *.do, not .jsp. As a result the Action class will be bypassed, and thus all server-side validations will be skipped by this user. Is this correct?

Amit Kumar
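
The mapping described in the post, together with one container-level way to refuse direct requests for JSPs, as an added example that is not part of the original post. The servlet name `action` and the resource name are assumptions; the constraint relies on the Servlet specification applying security constraints to client requests only, not to the internal forwards Struts performs.

```xml
<!-- Added example: web.xml fragment, not taken from the poster's application. -->

<!-- Mapping as described in the post: only *.do is routed to the ActionServlet.
     A request for /someform.jsp is therefore handled by the container's JSP
     servlet, without passing through any Action class. -->
<servlet>
  <servlet-name>action</servlet-name> <!-- assumed name -->
  <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>action</servlet-name>
  <url-pattern>*.do</url-pattern>
</servlet-mapping>

<!-- Hardening: refuse every direct client request for a JSP. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Direct JSP access</web-resource-name> <!-- constructed label -->
    <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <!-- An empty auth-constraint permits no role at all, so the container
       rejects the request before the JSP is executed. -->
  <auth-constraint/>
</security-constraint>
```

Placing the JSPs under `/WEB-INF/` achieves the same result, since the container never serves that directory to clients while an Action can still forward to it.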

