You should never allow JSP pages to be accessed directly. Place them behind WEB-INF and your problem goes away.
On Thu, Apr 7, 2011 at 8:46 PM, Dave Shevett <d...@homeport.org> wrote:
> I have an app that uses a generic interceptor on all action calls to verify
> if the session is active, and if it isn't, it returns 'notloggedin', which I
> have a global result for.
>
> This works -great-, except for one of my actions, which is a generic loader
> for JSPs.
>
> The interceptor definition:
>
> <interceptor-stack name="pppweb">
>     <interceptor-ref name="siteConfigCheck" />
>     <interceptor-ref name="paramsPrepareParamsStack" />
>     <interceptor-ref name="publicLoginChecker" />
> </interceptor-stack>
>
> 'publicloginchecker' has a simple "checking session" debug rule. For all
> normal calls that have an action mapped, it always says it's checking the
> session. But many of my actions I have a SUCCESS entry that does something
> like this:
>
> <result name="success" type="redirectAction">public/MyHome</result>
>
> And I have a generic JSP catcher:
>
> <action name="public/*" class="com.stonekeep.congo.web.WebActions">
>     <interceptor-ref name="pppweb"/>
>     <result name="success">/WEB-INF/jsp/public/{1}.jsp</result>
>     <result name="input">/WEB-INF/jsp/public/{1}.jsp</result>
> </action>
>
> Last but not least, I have a global results entry:
>
> <result name="notloggedin" type="redirectAction">public/Welcome</result>
>
> All of this works just spiffily. The JSPs render, all is well, EXCEPT in
> the case where I hit a JSP directly via public/SomeJspName. In this
> situation, the JSP renders, but the interceptor does not trigger. This
> results in odd behaviour for folks who have had a session timeout, or are
> hitting random URLs for JSP pages. They see the page, it has no session
> content.
>
> Help?
>
> -dave
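
A session check in the role the thread gives 'publicLoginChecker', as an added example that is not code from either poster or from the Struts project. The class name, package and session attribute name are assumptions; the result name and the public/Welcome target come from the configuration quoted above.

```java
package example; // hypothetical package, not from the thread

import java.util.Map;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/** Added example: returns 'notloggedin' when the request carries no logged-in session. */
public class LoginCheckInterceptor extends AbstractInterceptor {

    // Assumed session attribute set at login; the thread does not name one.
    private static final String USER_KEY = "loggedInUser";

    // Result name mapped by the global result in the quoted configuration.
    private static final String NOT_LOGGED_IN = "notloggedin";

    // Target of the 'notloggedin' redirect. It is served by the same public/*
    // mapping and interceptor stack, so it has to stay reachable without a
    // session or the redirect would loop.
    private static final String LOGIN_ACTION = "public/Welcome";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        // For a wildcard mapping the proxy reports the requested action name,
        // for example "public/SomeJspName".
        String actionName = invocation.getProxy().getActionName();
        if (LOGIN_ACTION.equals(actionName)) {
            return invocation.invoke();
        }

        Map<String, Object> session = invocation.getInvocationContext().getSession();
        boolean loggedIn = session != null && session.get(USER_KEY) != null;
        if (!loggedIn) {
            // Short-circuit: neither the action nor its JSP result is executed,
            // so no page is rendered with empty session content.
            return NOT_LOGGED_IN;
        }
        return invocation.invoke();
    }
}
```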