What we've done is to create a filter (implement javax.servlet.Filter and define it in web.xml ) and if the resource uri ends with .jsp we return an http 403 error.
Antonios On 1 July 2013 09:38, Lukasz Lenart <lukaszlen...@apache.org> wrote: > 2013/7/1 Antonio Sánchez <juntandolin...@gmail.com>: > > I need to protect JSPs. Some options: > > > > 1. Put JSPs under WEB-INF and, optionally, use the conventions plugin. > > > > 2. Declare authorization constraints in web.xml. > > These two options are the best to avoid direct access to JSPs - not > all containers block access to resources in WEB-INF and fake auth > constraints will sole that problem and it's an ultimate solution. > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > >
