Protecting JSP in what way? Though putting them under WEB-INF is a good approach
But you need to provide more information about what kind of protection you want to have Sent from BlackBerry® on Airtel -----Original Message----- From: Antonio Sánchez <juntandolin...@gmail.com> Date: Mon, 01 Jul 2013 10:24:15 To: <user@struts.apache.org> Reply-To: "Struts Users Mailing List" <user@struts.apache.org> Subject: Best practice for protecting JSPs I need to protect JSPs. Some options: 1. Put JSPs under WEB-INF and, optionally, use the conventions plugin. 2. Declare authorization constraints in web.xml. 3. Use some external tool, perhaps Spring Security. 4. Some other options. Which is the best practice in Struts2? Thanks.
