I have got this to work under tomcat 4.1 - I modified my struts config file
as follows
<action path="/register/step1"
type="com.id_crm.webapp.action.NameAddressAction"
name="NameAddressForm"
scope="session"
validate="true"
input="/register/step1.jsp">
<!-- <forward name="success" path="/register/step2.jsp"/> -->
<!-- step2.jsp is now in the WEB-INF directory and cannot be accessed
directly -->
<forward name="success" path="/WEB-INF/step2.jsp"/>
</action>
-----Original Message-----
From: Cory Newey [mailto:[EMAIL PROTECTED]]
Sent: 13 January 2003 15:57
To: [EMAIL PROTECTED]
Subject: RE: Controlling Direct Access to jsp pages
I've heard of this approach to protecting access to JSP pages but I've
never been able to get it to work. How, exactly, do you route to a JSP
in the /WEB-INF directory? Could you maybe provide a little of the
struts-config.xml file that would do this or the code in the Action
class that does this?
Thanks.
>>> [EMAIL PROTECTED] 01/13/03 08:50AM >>>
I place them all under /WEB-INF and force them to go through my action
classes.
There are other ways, but this is the most convenient for me.
<disclaimer>
Use at your own risk.
Not all containers support doing it this way.
</disclaimer>
--
James Mitchell
> -----Original Message-----
> From: Colquhoun, Adrian [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 13, 2003 10:41 AM
> To: '[EMAIL PROTECTED]'
> Subject: Controlling Direct Access to jsp pages
>
>
>
> Hi
>
> If I have three pages in my view layer that must be called in
> sequence e.g.
>
> - step1.jsp then
> - step2.jsp then
> - step3.jsp
>
> How do I ensure that my users do not call step2 and step3
> directly via a
> web browser. Do I need to use a custom tag in pages 2 and 3
> to check this
> or is there some way to force all requests for .jsp pages in
> my application
> to route via the ActionServlet
>
> Thanks
>
> Adrian
>
>
> ==============================================================
> =========
> Information in this email and any attachments are
> confidential, and may
> not be copied or used by anyone other than the addressee, nor
> disclosed
> to any third party without our permission. There is no intention to
> create any legally binding contract or other commitment
> through the use
> of this email.
>
> Experian Limited (registration number 653331).
> Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF
>
> --
> To unsubscribe, e-mail:
> <mailto:struts-user-> [EMAIL PROTECTED]>
> For
> additional commands,
> e-mail: <mailto:[EMAIL PROTECTED]>
>
>
--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
