Hi, I am new to appfuse and to many technologies it uses (like sitemesh, freemarker, infact struts2 itself). I am using spring-struts2-jpa stack. While working locally i noticed that one can see the code thats put in files under some directories outside the WEB-INF, so i checked the hosted demo, which also shows the same behavior : http://demo.appfuse.org/appfuse-struts/template/xhtml/controlfooter.ftl
and some urls, if referred directly, can render unexpected (well... expected) output like this: http://demo.appfuse.org/appfuse-struts/decorators/default.jsp I am sure you must have noticed this and Although the code displayed or page rendered improperly do not have any devastating results, I am just curious to know that does this problem exist in all the java webapps? we can secure these directories just like its done for the admin/, isn't it? PS: please excuse my English and java web development knowledge. Kunal
