Thank you for the input Manos.I am new to struts and security
implementation. So I am trying different things.
My present implemetation has restricted access to JSP pages depending on
role. I thought of restricting complete access to JSP pages itself as the
jsp pages get the input from action classes(A error is displayed if the JSP
page should get the variable ). Is this the right approach?.
Other thing i want to try is bookmark a page and if a user clicks on it, it
should go to the login page and after logging in it should display the page
if he has access to that page(depending on role). I am not able to come up
with a solution. Can you suggest me anything on this.
Thanks once again for the solution
Regards
Viplav
On 6/20/07, Manos Batsis <[EMAIL PROTECTED]> wrote:
Archer wrote:
> Hi,
>
> I am using struts 1.3.8 for my application. Can anybody please help me
how
> to restrict access to jsp pages directly in struts. I am not having any
of
> jsp in web-inf, so I need to restrict direct access to JSP. Any
suggestion
> will be a great help to me.
>
Too many ways to do this, for example a servletfilter or web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>no_access</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
hth,
Manos
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Regards
Archer
