Sorry just remove *<url-pattern>summary</url-pattern>* there. thats all :)
On Tue, Jul 6, 2010 at 11:02 AM, Kushan Jayathilake <kusha...@gmail.com>wrote: > Hi Miguel , > > I have found out the way to restrict accesses to JSP files, with this you > can have your JSP files anywhere, just add following fragment to > *web.xml*file. > > <security-constraint> > <web-resource-collection> > <web-resource-name>Deny Direct Access</web-resource-name> > <description></description> > <url-pattern>*.jsp</url-pattern> > <url-pattern>summary</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>Denied</role-name> > </auth-constraint> > </security-constraint> > > <security-role> > <role-name>Denied</role-name> > </security-role> > > But still couldnt find a way to stop users accessing other inside pages, > like if you want to go to the *summary.action* file then you must go the * > search.action* first, then follow a link there. > > -- > Regards > Kushan Jayathilake > > > > On Tue, Jul 6, 2010 at 10:33 AM, Miguel <miguel...@gmail.com> wrote: > >> Hello, >> if you want to prevent direct access to your .jsp's, you need to put >> them inside the WEB-INF/classes directory. That one is a question that >> popup in the list from time to time. >> But if you want your users to go throu the links at the home, you have >> to implement some trickery, in the form of some parameter that if not >> present will redirect the user to the home, or some trickery to >> redirect the user to the home if there is no session or something in >> the line. I'ts difficult to do that, and almost for sure isn't worth >> the hassle to do it. >> Regards, >> >> >> Si quieres ser más positivo, pierde un electrón >> Miguel Ruiz Velasco Sobrino >> >> >> >> On Mon, Jul 5, 2010 at 23:53, Kushan Jayathilake <kusha...@gmail.com> >> wrote: >> > Hi Guys, >> > >> > Can anyone suggest me how to prevent an user entering a direct URL for >> the >> > JSP instead of action, >> > >> > ie : *search.jsp* instead of *search.action* >> > >> > I want to control this, so the users must enter an URL ends with >> > *.action*and i also wants to control access some pages by typing its >> > action name >> > also, >> > like it shouldn't be allowed to go anyother page directly, instead users >> > must go through the buttons and links appears on the home page >> > >> > ie: if anyone want to go to *summary.action* he must first go to the * >> > search.action* first. >> > >> > Hope im clear enough.. :) can anyone suggest me how to do this? >> > >> > -- >> > Regards >> > Kushan Jayathilake >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> > > > > > -- Regards Kushan Jayathilake
