Add the following to your web.xml file and change the url-patterns to
catch any JSP files you do not want the user to have direct access to.

  <security-constraint>
    <display-name>Prevent access to raw pages.</display-name>
    <web-resource-collection>
      <web-resource-name>Raw Pages</web-resource-name>
      <url-pattern>/error.jsp</url-pattern>
      <url-pattern>/struts/*</url-pattern>
      <url-pattern>/META-INF/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description>No roles, so no direct access</description>
    </auth-constraint>
  </security-constraint>


On Fri, Jul 16, 2010 at 7:57 AM, J_e_f_f <jam0...@gmail.com> wrote:
>
>
>
> Miguel-55 wrote:
>>
>> I use Struts 2.1.81. and I don't want my users to access my .jsp
>> directly, so I put them inside WEB-INF.
>>
>
> You don't *have* to put your JSPs in WEB-INF to protect them from direct
> access. You can put them in folders under the web root named according to
> your package namespace and then add a security constraint to protect those
> folders in your web.xml.
>
> Regards,
> Jeff
>
> --
> View this message in context: 
> http://old.nabble.com/jsp-in-WEB-INF-tp29179165p29182852.html
> Sent from the Struts - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>
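
A way to check which JSPs the deny-all constraint above actually covers, as an added example that is not part of the original thread. The function names and the JSP paths passed to it are assumptions for illustration; the sample web.xml is constructed from the constraint in the message.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the message inside a minimal <web-app>.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Raw Pages</web-resource-name>
      <url-pattern>/error.jsp</url-pattern>
      <url-pattern>/struts/*</url-pattern>
      <url-pattern>/META-INF/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description>No roles, so no direct access</description>
    </auth-constraint>
  </security-constraint>
</web-app>"""

def _local(tag):
    """Strip an XML namespace, since real web.xml files usually declare one."""
    return tag.rsplit("}", 1)[-1]

def deny_all_patterns(web_xml_text):
    """url-patterns covered by a role-less auth-constraint for every HTTP method."""
    patterns = []
    for sc in ET.fromstring(web_xml_text).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        auth = [e for e in sc if _local(e.tag) == "auth-constraint"]
        if not auth or any(_local(e.tag) == "role-name" for e in auth[0]):
            continue  # no auth-constraint, or some role is allowed in
        for wrc in (e for e in sc if _local(e.tag) == "web-resource-collection"):
            if any(_local(e.tag).startswith("http-method") for e in wrc):
                continue  # constraint limited to some methods; others stay open
            patterns += [e.text.strip() for e in wrc if _local(e.tag) == "url-pattern"]
    return patterns

def matches(pattern, path):
    """Servlet url-pattern rules: /dir/* prefix, *.ext extension, else exact."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def unprotected(web_xml_text, jsp_paths):
    """JSP paths (relative to the context root) that no deny-all pattern covers."""
    patterns = deny_all_patterns(web_xml_text)
    return [p for p in jsp_paths if not any(matches(pt, p) for pt in patterns)]
```

Feed `unprotected` the list of JSP paths found under the web root at build time and fail the build if it returns anything.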
