<security-constraint>
<web-resource-collection>
<web-resource-name>Private</web-resource-name>
<url-pattern>/private/*</url-pattern>
</web-resource-collection>
<auth-constraint></auth-constraint>
</security-constraint>So if you had an action mapping:
<action path="/private/funk".../>
Then a client making a request for /app/private/funk.do should receive an error from the container.
Or maybe use a servlet filter (requires a Servlet 2.3 container) configured with a set of action paths that should be protected.
Joe Barefoot wrote:
If that doesn't work for ya, I have a really hacky way to do it, but it relies on your using an abstract action superclass that all other actions extend. If you have this, then all you need to do in the superclass's perform method is use an Integer request attribute:
check if Integer attrib exists...if so, increment it by 1. if it doesn't, create it and initialize it to 1
In your non-externally-accessible Action, grab this attrib first thing. If it's greater than 1 (meaning you came from another Action, cause you had to go through your superclass' perform method twice or more), proceed. If not, this action must be the first in the request chain, so return a nasty message saying they can't do this (or throw an exception, or do a response.redirect() and set the status code to 404, or whatever). :)
Note that this won't work for redirects of course, but neither would anything else....
--joe
-----Original Message----- From: Karr, David [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 5:00 PM To: Struts Users Mailing List Subject: RE: Internal-only paths
Gee, I wonder if specifying a "roles" value of "dummy" (a nonexistent
role name) would do this. I don't know if a non-redirect forward from
an action to an action would go through the RequestProcessor. I have a
feeling it wouldn't. If this works, I have a feeling it's a fortunate
accident.
-----Original Message----- From: John Brayton [mailto:[EMAIL PROTECTED]
I am trying to find a way to specify that an Action can only be accessed as a forward from another action. I want to avoid web clients access those actions directly. Does anyone know of a way to do this from, say, the "struts-config.xml" file?
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Kris Schneider <mailto:[EMAIL PROTECTED]> D.O.Tech <http://www.dotech.com/>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
