You completely missed the point of my posting, and what was going on. Had
you bothered looking at the results below, you would have seen, in fact,
the WEB-INF is storing my jsps...
<result name="success">/WEB-INF/jsp/public/{1}.jsp</result>
I am not, in fact, accessing them directly.
I'm trying, in fact, to make sure an interceptor checks to make sure there
are active sessions before serving up the JSP.
-d
On Fri, 8 Apr 2011 stanl...@gmail.com wrote:
You should never allow JSP pages to be accessed directly. Place them behind
WEB-INF and your problem goes away.
On Thu, Apr 7, 2011 at 8:46 PM, Dave Shevett <d...@homeport.org> wrote:
I have an app that uses a generic interceptor on all action calls to verify
if the session is active, and if it isn't, it returns 'notloggedin', which I
have a global result for.
This works -great-, except for one of my actions, which is a generic loader
for JSP's.
The interceptor definition:
<interceptor-stack name="pppweb">
<interceptor-ref name="siteConfigCheck" />
<interceptor-ref name="paramsPrepareParamsStack" />
<interceptor-ref name="publicLoginChecker" />
</interceptor-stack>
'publicloginchecker' has a simple "checking session" debug rule. For all
normal calls that have an action mapped, it always says it's checking the
session. But many of my actions I have a SUCCESS entry that does somethign
like this:
<result name="success" type="redirectAction">public/MyHome</result>
And I have a generic JSP catcher:
<action name="public/*" class="com.stonekeep.congo.web.WebActions">
<interceptor-ref name="pppweb"/>
<result name="success">/WEB-INF/jsp/public/{1}.jsp</result>
<result name="input">/WEB-INF/jsp/public/{1}.jsp</result>
</action>
Last but not least, I have a global results entry:
<result name="notloggedin" type="redirectAction">public/Welcome</result>
All of this works just spiffily. The JSP's render, all is well, EXCEPT in
the case where I hit a JSP directly via public/SomeJspName. In this
situation, the JSP renders, but hte interceptor does not trigger. This
results in odd behaviour for folks who have had a session timeout, or are
hitting random URLs for JSP pages. They see the page, it has no session
content.
Help?
-dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
