I originally had my jsps under WEB-INF to prevent them from direct access, which worked just fine. However, the standards I'm working with dictate that the jsps be located above WEB-INF. In order to prevent access to my jsps I added a security-constraint in web.xml, blocking access to the jsps. Unfortunately, now none of my tiles display properly, instead I get the error message:
[Exception in:/jsp/body/home_body.jsp] Response has already been committed for all the protected pages. The problem is that for each protected page, its trying to authenticate the user using the FORM authentication that I have set-up for parts of the application (this is a separate security-constraint from the jsp protection). All I want to prevent is direct access to the jsp, not access through other means (e.g. action/tile). Thanks. Wes --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
