We put all our jsp file into a /struts/ folder then add the following
security contraint to web.xml
<security-constraint>
<display-name>Prevent access to raw pages.</display-name>
<web-resource-collection>
<web-resource-name>Raw Pages</web-resource-name>
<url-pattern>/struts/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>No roles, so no direct access</description>
</auth-constraint>
</security-constraint>
On Thu, Jun 18, 2009 at 9:32 AM, abhishek reddy <[email protected]>wrote:
> how to prevent users from directly accessing jsp files, rather they have to
> come thru sturts action?
>
> --
> Abhishek
>
