Thanks for all the ideas. Looks like my best option is , as was suggested,
to place all JSPs below WEB-INF. This way they are invisible to the browser
but visible to the struts forwarding mechanism. In addition, I can then
create a tag to do some extra checking as you suggest.
Thanks to all again!
_______________________
Will Spies
Towers Perrin
Phone: (215)246-7145
e-mail: [EMAIL PROTECTED]
To: "Struts Users Mailing List"
<[EMAIL PROTECTED]>
Kevin.Bedell@sunl cc: (bcc: Will Spies/Towers
Perrin)
ife.com Subject: Re: Design question
04/30/02 08:10 AM
Please respond to
"Struts Users
Mailing List"
If you're using Apache, create a rewrite rule that rewrites anything ending
in .jsp to .do.
Or a rewrite rule that filters only URI's in your webapp and forwards them
to a home page if a .jsp is requested.
I don't think there can be a Struts'only solution. The issue is that any
URI ending in .jsp could be requested - Struts works by recognizing certain
URI's (those specified by the definition of the primary Action servlet in
yout web.xml), and routing them to the central Action servlet for
processing.
If a URI is requested (ending in jsp or not) that doesn't match the URI
pattern for the Action servlet, then Struts won't even see it.
A generic jsp approach might be to create a custom tag (like,
<CheckValidRequest> or something similar) that looks for a bean or
something similar that should be
in the Session. If it's not there then redirect to a home page or
something.
"Will Spies/Towers Perrin" <[EMAIL PROTECTED]> on 04/29/2002 04:08:04 PM
Please respond to "Struts Users Mailing List"
<[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
cc: (bcc: Kevin Bedell/Systems/USHO/SunLife)
Subject: Re: Design question
Good idea but the other problem is your web server doesn't mix with
non-Struts applications. I was kinda hoping for a struts only solution.
Thanks for the idea though!
_______________________
Will Spies
Towers Perrin
Phone: (215)246-7145
e-mail: [EMAIL PROTECTED]
To: "Struts Users
Mailing List" <[EMAIL PROTECTED]>
Kevin.Bedell@sunl cc: (bcc: Will
Spies/Towers Perrin)
ife.com Subject: Re: Design
question
04/29/02 03:51 PM
Please respond to
"Struts Users
Mailing List"
Configure the web server to not recognize the .jsp mime type. Then any
link to a .jsp page will generate an "Error 404 Page Not Found". The
servlet mappings should still work fine.
That being said, I've found that whenever I make a decision like this based
on a design preference, I almost always find some unusual case where it
really makes sense to do things the way I've said shouldn't be done.
FWIW -
Kevin
"Will Spies/Towers Perrin" <[EMAIL PROTECTED]> on 04/29/2002 03:53:16 PM
Please respond to "Struts Users Mailing List"
<[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
cc: (bcc: Kevin Bedell/Systems/USHO/SunLife)
Subject: Design question
In my opinion, most ( if not all ) links should be Action URIs. What I mean
is, struts views should not post to urls which are JSP struts views.
Rather, valid URLs that are posted to ( or even referenced in ) should
always be controllers. For those who agree with this philosophy, can you
give me some suggestions on how I can force this? One idea I've had is to
place a customized on top of all JSP views which checks for a hidden
request variable that only my controllers know about. So, if this request
variable is not found than the view craps out. Any other ideas?
_______________________
Will Spies
Towers Perrin
Phone: (215)246-7145
e-mail: [EMAIL PROTECTED]
--
To unsubscribe, e-mail: <
mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <
mailto:[EMAIL PROTECTED]>
---------------------------------------------------------------------------
This e-mail message (including attachments, if any) is intended for the use
of the individual or entity to which it is addressed and may contain
information that is privileged, proprietary , confidential and exempt from
disclosure. If you are not the intended recipient, you are notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this communication in error,
please notify the sender and erase this e-mail message immediately.
---------------------------------------------------------------------------
--
To unsubscribe, e-mail: <
mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <
mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <
mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <
mailto:[EMAIL PROTECTED]>
---------------------------------------------------------------------------
This e-mail message (including attachments, if any) is intended for the use
of the individual or entity to which it is addressed and may contain
information that is privileged, proprietary , confidential and exempt from
disclosure. If you are not the intended recipient, you are notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this communication in error,
please notify the sender and erase this e-mail message immediately.
---------------------------------------------------------------------------
--
To unsubscribe, e-mail: <
mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <
mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
