I have moved all JSPs under the WEB-INF directory (e.g. /WEB-INF/pages/login.jsp), and this solution seems to work perfectly on my local environment with an exploded directory structure. However, Struts seems to not be working at all when we package and deploy an ear file (before I moved the JSPs it had been working with ear deployment). I am still troubleshooting, but any ideas what could be the issue here?

Thanks
John

Jeromy Evans - Blue Sky Minds wrote:
>
> I've been told that some older containers don't allow you to forward to
> JSPs behind /WEB-INF. It wouldn't surprise me.
> Other than that I've found Ian's suggestion to be the most effective way
> to ensure users can't access JSPs directly, IMO a must for Tiles, html
> fragments and any page using struts tags.
>
> The only issue I've experienced is when (bad) scriptlets within the JSP
> manipulate the request object directly, which is assumed to use the
> /xxx.jsp URI but is actually /WEB-INF/results/xxx.jsp.
>
> Many would argue that best practice is to not use JSPs at all. Another
> group would argue that Acegi should be used rather than rolling your own
> filter.
>
> Hope that helps.
>
> mojoRising wrote:
>> Is this considered the Best Practice: Keeping all JSPs under the WEB-INF
>> directory? We have not done that on my project, I am curious if there are
>> pluses and minuses to this?
>>
>> Thanks,
>> John
>>
>>
>> The easiest way is to always have the user call an action to get a JSP,
>> even if it is a simple page. You then also ensure that all data
>> necessary for that page has been obtained. Then, by placing the JSPs in
>> the WEB-INF directory you will prevent access directly from a browser
>> (only from the s2 dispatcher).
>>
>
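
A pre-deployment check for the layout discussed in this thread, added here as an example and not code from any of the posters: it lists JSPs in a packaged WAR that still sit outside WEB-INF (and so can be requested directly) and flags Struts 2 `<result>` paths that have no matching archive entry. The `WEB-INF/classes/struts.xml` location, the function names and the sample archive are assumptions constructed for illustration; for an EAR, run it on the WAR module inside.

```python
import io
import re
import zipfile

# Matches dispatcher results such as <result name="x">/WEB-INF/pages/a.jsp</result>
RESULT_RE = re.compile(r"<result[^>]*>\s*([^<\s]+\.jsp)\s*</result>")

def audit_war(war_bytes, struts_xml="WEB-INF/classes/struts.xml"):
    """Return (exposed, missing) for a WAR given as bytes.

    exposed: JSPs outside WEB-INF/ and META-INF/, reachable by direct URL.
    missing: <result> JSP paths in struts.xml with no matching archive entry
             (archive entry names are compared case-sensitively).
    """
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        names = set(war.namelist())
        exposed = sorted(
            n for n in names
            if n.lower().endswith(".jsp")
            and not n.upper().startswith(("WEB-INF/", "META-INF/"))
        )
        missing = []
        if struts_xml in names:
            config = war.read(struts_xml).decode("utf-8")
            for path in RESULT_RE.findall(config):
                if path.lstrip("/") not in names:
                    missing.append(path)
    return exposed, sorted(missing)

def build_sample_war():
    """Constructed sample archive, not taken from the thread."""
    struts = """<struts>
  <package name="default" extends="struts-default">
    <action name="login"><result>/WEB-INF/pages/login.jsp</result></action>
    <action name="home"><result>/WEB-INF/pages/Home.jsp</result></action>
  </package>
</struts>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/classes/struts.xml", struts)
        war.writestr("WEB-INF/pages/login.jsp", "<%-- login --%>")
        war.writestr("WEB-INF/pages/home.jsp", "<%-- home --%>")
        war.writestr("debug.jsp", "<%-- left in the web root --%>")
    return buf.getvalue()

if __name__ == "__main__":
    exposed, missing = audit_war(build_sample_war())
    print("directly reachable JSPs:", exposed)
    print("result paths not in archive:", missing)
```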