I need to protect JSPs. Some options: 1. Put JSPs under WEB-INF and, optionally, use the conventions plugin.
2. Declare authorization constraints in web.xml. 3. Use some external tool, perhaps Spring Security. 4. Some other options. Which is the best practice in Struts2? Thanks.
