The easiest way is to always have the user call an action to get a JSP,
even if it is a simple page. You then also ensure that all data
necessary for that page has been obtained. The, by placing the JSP's in
the WEB-INF directory you will prevent access directly from a browser
(only from the s2 dispatcher).
Otherwise, I would suggest a servlet filter or header code for all JSPs
that make the necessary checks.
/Ian
--
Ian Roughley
From Down & Around, Inc.
Consulting * Training / Mentoring * Agile Process * Open Source
web: http://www.fdar.com - email: [EMAIL PROTECTED]
mojoRising wrote:
struts 2 - java - jsp
Hi. I am trying to configure an authentication/login interceptor. The idea
being of course being to prevent someone from accessing a page unless they
are logged in. We can assume that means they have a user object stored in
the session.
Now I understand how to plug in an interceptor to check for this, but what I
am missing is: How do I prevent someone from accessing a jsp page if they DO
NOT CALL an action, but type in the url themselves? E.g. If someone types in
http://www.mysite.com/pages/main.jsp how do I intercept that?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
