> I've found a workaround for the time being. Each .jsp page has access to a > bean that includes login info. I changed jsp page to test to see if the > login flag is true. If so nothing happens. If not then I use jsp:forward to > send it back to the login.jsp page. > So this will work until I feel ready to explore filters.
Search the Struts user list for options as this comes up repeatedly there. In some cases, if the users don't go through the controller servlet then things don't work right. In addition to putting the JSP's under WEB-INF, another method I've seen described is to configure security to protect all JSP's with a role like "nobody" and then don't assign anyone to that role. -- Wendy Smoak Applications Systems Analyst, Sr. Arizona State University PA Information Resources Management
