It *sounds* like what you're trying to do is to only allow access to static resources if they're requested from within a web page--is that correct? *That's correct Dave!*
Why* are you trying to do that? The answer may dictate the solution. You can always stream static resources to the browser via S2, but... if it's page-level resources (images, CSS, etc.) I don't see the point. PDFs etc. I could understand. *I don't understand the reason for restricting access to images, js and css but I've been requested to do it hehe* Isn't security-contraint supposed to restrict the access to the specified url-patterns? Do you know any way to implement that using struts2? My original problem is that in my struts.xml file I can only define actions, therefore something like this: http://server:port/AppName/ images/image_name.jpg Won't map to any action and it'll be directly handled by the container. Is there any way to define a default response for non-action requests?? There's a way to define default actions, for example if the user types in an action that does not exist such as: http://server:port/AppName/home/Hehehe.action I am using the following tag: <default-action-ref name="Home" /> and it makes sure to always direct all the actions to Home Is there any way to do that.. for everything-else requests? Requests like: http://server:port/AppName/images/image_name.jpg http://server:port/AppName/pdf/contract.pdf http://server:port/AppName/css/styles.css (*) Sorry If I'm asking dumb things, like I mentioned in my first email I am new with struts2 Thanks for your help! Eric
