Hello, I'm using Struts and Tomcat 3.2.1. Is it possible to set things up so that jsps cannot be directly accessed at all, but must always be referenced through an action? I had writen a <checkLogon> tag for inclusion in each jsp when the above question occured to me. I've looked at web.xml descriptions etc., but I don't really want to setup role based security, I just want any URL of the type http://localhost:8080/CompEnterprise/jsp/ to get a 404, yet still allow Struts to forward to them and work...this would allow me to do logon validation within the actions and not the jsps. This would also solve the problem of someone going to a jsp that depends on request data that is set by the action. thanks, dan