I mean denying access to JSPs by URL or some other means. Make JSPs private content.
El Lunes, 1 de julio de 2013 08:28:10 umeshawas...@gmail.com escribió: > Protecting JSP in what way? > Though putting them under WEB-INF is a good approach > > But you need to provide more information about what kind of protection you > want to have Sent from BlackBerry® on Airtel > > -----Original Message----- > From: Antonio Sánchez <juntandolin...@gmail.com> > Date: Mon, 01 Jul 2013 10:24:15 > To: <user@struts.apache.org> > Reply-To: "Struts Users Mailing List" <user@struts.apache.org> > Subject: Best practice for protecting JSPs > > I need to protect JSPs. Some options: > > 1. Put JSPs under WEB-INF and, optionally, use the conventions plugin. > > 2. Declare authorization constraints in web.xml. > > 3. Use some external tool, perhaps Spring Security. > > 4. Some other options. > > Which is the best practice in Struts2? > > Thanks. > > �� > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org
