Hi Miguel ,
I have found out the way to restrict accesses to JSP files, with this you
can have your JSP files anywhere, just add following fragment to *web.xml*file.
<security-constraint>
<web-resource-collection>
<web-resource-name>Deny Direct Access</web-resource-name>
<description></description>
<url-pattern>*.jsp</url-pattern>
<url-pattern>summary</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Denied</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>Denied</role-name>
</security-role>
But still couldnt find a way to stop users accessing other inside pages,
like if you want to go to the *summary.action* file then you must go the *
search.action* first, then follow a link there.
--
Regards
Kushan Jayathilake
On Tue, Jul 6, 2010 at 10:33 AM, Miguel <miguel...@gmail.com> wrote:
> Hello,
> if you want to prevent direct access to your .jsp's, you need to put
> them inside the WEB-INF/classes directory. That one is a question that
> popup in the list from time to time.
> But if you want your users to go throu the links at the home, you have
> to implement some trickery, in the form of some parameter that if not
> present will redirect the user to the home, or some trickery to
> redirect the user to the home if there is no session or something in
> the line. I'ts difficult to do that, and almost for sure isn't worth
> the hassle to do it.
> Regards,
>
>
> Si quieres ser más positivo, pierde un electrón
> Miguel Ruiz Velasco Sobrino
>
>
>
> On Mon, Jul 5, 2010 at 23:53, Kushan Jayathilake <kusha...@gmail.com>
> wrote:
> > Hi Guys,
> >
> > Can anyone suggest me how to prevent an user entering a direct URL for
> the
> > JSP instead of action,
> >
> > ie : *search.jsp* instead of *search.action*
> >
> > I want to control this, so the users must enter an URL ends with
> > *.action*and i also wants to control access some pages by typing its
> > action name
> > also,
> > like it shouldn't be allowed to go anyother page directly, instead users
> > must go through the buttons and links appears on the home page
> >
> > ie: if anyone want to go to *summary.action* he must first go to the *
> > search.action* first.
> >
> > Hope im clear enough.. :) can anyone suggest me how to do this?
> >
> > --
> > Regards
> > Kushan Jayathilake
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>
