It depends on your web container if that's actually allowed. You should check your container spec before moving all of your JSP's into the WEB-INF folder. The other alternative is to create a filter that will get/put requests to /jsp/* in your app.
(Weblogic for example will not compile JSP's within WEB-INF) Regards, Jacob -----Original Message----- From: Yee, Richard K,,DMDCWEST [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 10:18 AM To: 'Struts Users Mailing List' Subject: RE: JSP Protection J�rgen, Put the JSP under the WEB-INF directory. Once there, it will only be accessible from within your web application. -Richard -----Original Message----- From: J�rgen Scheffler [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 8:15 AM To: [EMAIL PROTECTED] Subject: JSP Protection Hi, how do i block URL guessing? if someone requests abc.com/secret_page.jsp he gets it. In my Action i check if the user object has the right rights for this action and then i forward him. But if guesses the jsp, he opens it. Help me! J�rgen --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
