I have an application where I have a single controller servet receiving requests and then calling the appropriate jsp pages. I have Java classes to be used by both the servlet and jsp's. These Java Bean clasees are for database interaction. I also need to maintain session. I am using these Java Beans with application scope. The general flow is: 1. The controller servlet receives the request. 2. Checks for the session state using session object.// Basically validates if the user is logged -in 3. Instantiate the bean class and get setter methods of java Beans to fetch data from database.// application scope. 4. If user is logged -in calls the appropriate JSP Page 5. The JSP Page display the information using the Bean.
The problem is - it seems to be working fine if the user follows the normal flow. However if he directly goes and access the jsp page thru the url he is still able to get it. How do I configure TomCat to disallow access to the directory where I am keeping the jsp pages. I am using Tomcat 4.1.18. Any other idea ?? Regards N-Goel
