wait wait I know! <idea type="silly" today="friday" drink="beer"> Have only ONE url for the whole application. Give every page a hidden field named "theRealUrl" and all links etc.... actually fire javascript that sets this hidden field and POST to that one acceptable url, then you have a filter (or override ActionServlet) that uses the value in "theRealUrl" to redirect the request appropriately. Any request that doesnt have a value for "theRealUrl" gets shunted off to the access denied page... </idea>
hehe, or to quote James: "Good Luck!!!" -----Original Message----- From: James Mitchell [mailto:[EMAIL PROTECTED] Sent: Friday, 22 August 2003 19:22 To: 'Struts Users Mailing List' Subject: RE: Disallow user to modify URL in browser address bar What you are wanting is not possible. It's YOUR job (as a developer) to handle situations where they may have done so. Hint: unknown="true" Good Luck!!! -- James Mitchell Software Engineer / Struts Evangelist http://www.struts-atlanta.org 678.910.8017 AIM:jmitchtx > -----Original Message----- > From: sriram [mailto:[EMAIL PROTECTED] > Sent: Friday, August 22, 2003 2:16 AM > To: 'Struts Users Mailing List' > Subject: Disallow user to modify URL in browser address bar > > > How to identify if user has manipulated the URL in Address > Bar of the browser? > > For ex., the application displays a page with the following URL: > > http://localhost:8080/app/str/testview_srchpost.do > > Now, the user modifies the URL in the address bard. Instead > of testview_srchpost.do, user types testtwoview_srchpost.do > and clicks ENTER. > > I want to restrict such types of URL modification Struts > application. I should take the user to a default access > denied page when ever user does such changes. > > How to identify this action of the user? Pl. give some ideas. > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
