If you put all your jsp's inside a the WEB-INF directory, they will not be accessible directly -- only through an action. I think this is part of the jsp specification that nothing can be directly served out of this special directory..Otherwise, a user could pull up configuration files that reside there -- web.xml for example.....For example, I have a directory structure containing jsp's under WEB-INF/jsp in my current web application....Hope this helps!
--nathan
On Thursday, June 5, 2003, at 09:47 AM, Brian McSweeney wrote:
Ah yes,
Perhaps what you're thinking of is that JSP files should not be calledand
directly or bookmarked. They should be hidden from the user completely,only accessible through an action.
that was it - sorry - stupid of me.
Could you tell me how to secure the jsps so that they are only a result of
the action?
cheers,
Brian
----- Original Message ----- From: "Kruse, Matt" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Thursday, June 05, 2003 3:12 PM Subject: RE: calling actions directly
calledI read that one of the things about struts is the actions are only able to be called from the pages directly. Ie, you shouldn't be able to bookmark the actions themselves like: http://myhost/myaction.do
Where did you hear this? That's totally not true - any action can bedirectly as long as it has a mapping. It's just a URL. Otherwise, howwouldyou enter the first action? :)and
Perhaps what you're thinking of is that JSP files should not be called
directly or bookmarked. They should be hidden from the user completely,only accessible through an action.
Matt Kruse
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
============================= Nathan Pitts Programmer Analyst Texas Animal Health Commission =============================
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
