M.Liang:
Add this to your web.xml:
<!-- Do not allow users to load jsps directly -->
<security-constraint>
<web-resource-collection>
<web-resource-name>no_access</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
Neil
--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
FREE! Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.
-----Original Message-----
From: M.Liang Liu [mailto:[EMAIL PROTECTED]
Sent: Friday, July 13, 2007 11:01 PM
To: user@struts.apache.org
Subject: How to keep users from accessing to *.jsp strightforword?
I just would like to block users to get to the login.jsp through the
url:http://somedomain.com/login.jsp.
Instead,users can login with the url :http://somedomain.com/login.action---
actually the login.jsp page.
With the help of code-in-behind-plugin,users can just login with the
url:http://somedomain.com/login.action.
And what I would like to do is block the direct *.jsp access.
Any comment would be greatly appreciated.
--
View this message in context:
http://www.nabble.com/How-to-keep-users-from-accessing--to-*.jsp-strightforw
ord--tf4077945.html#a11590867
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
