Your technique is powerful but the problem is that it even prevented index.jsp from display as well. Is there ways to work around?
-----Original Message----- From: David Graham [mailto:[EMAIL PROTECTED]] Sent: Monday, January 13, 2003 9:54 AM To: [EMAIL PROTECTED] Subject: Re: Controlling Direct Access to jsp pages Put this security info at the bottom of your web.xml to prevent access to any *.jsp file: <security-constraint> <web-resource-collection> <web-resource-name>SecureAllJSPs</web-resource-name> <url-pattern>*.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>nobody</role-name> </auth-constraint> </security-constraint> <security-role> <description>No one should be put in this role.</description> <role-name>nobody</role-name> </security-role> David >From: "Colquhoun, Adrian" <[EMAIL PROTECTED]> >Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]> >To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> >Subject: Controlling Direct Access to jsp pages >Date: Mon, 13 Jan 2003 15:40:45 -0000 > > >Hi > >If I have three pages in my view layer that must be called in sequence e.g. > > - step1.jsp then > - step2.jsp then > - step3.jsp > > How do I ensure that my users do not call step2 and step3 directly via a >web browser. Do I need to use a custom tag in pages 2 and 3 to check this >or is there some way to force all requests for .jsp pages in my application >to route via the ActionServlet > >Thanks > >Adrian > > >======================================================================= >Information in this email and any attachments are confidential, and may >not be copied or used by anyone other than the addressee, nor disclosed >to any third party without our permission. There is no intention to >create any legally binding contract or other commitment through the use >of this email. > >Experian Limited (registration number 653331). >Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF > >-- >To unsubscribe, e-mail: ><mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: ><mailto:[EMAIL PROTECTED]> _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE* http://join.msn.com/?page=features/virus -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> _________________________________________________________________________ Introducing the all new and improved continental.com. With a totally new personalized design, it's the best place to go. Before you go. Continental Airlines. Work Hard. Fly Right. http://www.continental.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
