IMO these are two bad solutions

+ Setting an attribute can be bypassed by doing /page2.jsp?referer=true
+ I am almost sure HTTP headers can be modified easily, so using the HTTP
  "referer" header may be unsafe...

See David Graham's post in this thread to prevent access to any *.jsp file.

Regards from Spain,
Guido.

On Mon, 13 Jan 2003 [EMAIL PROTECTED] wrote:

} Yes, you can use the struts-config.xml, actions or forwards
} but if you don't want struts to know about (!) you can check by setting a
} contextual attribute :
} page1: request.setAttribute("referer", "true")
} page 2: request.getAttribute("referer") = true ?
}
} or use the http headers : getHeader("referer"); and check if the referer is
} the right one.
}
} Hopefully it will help,
} fabrice.
}
} -----Original Message-----
} From: Colquhoun, Adrian [mailto:[EMAIL PROTECTED]]
} Sent: Monday 13 January 2003 16:41
} To: [EMAIL PROTECTED]
} Subject: Controlling Direct Access to jsp pages
}
} Hi
}
} If I have three pages in my view layer that must be called in sequence e.g.
}
} - step1.jsp then
} - step2.jsp then
} - step3.jsp
}
} How do I ensure that my users do not call step2 and step3 directly via a
} web browser. Do I need to use a custom tag in pages 2 and 3 to check this
} or is there some way to force all requests for .jsp pages in my application
} to route via the ActionServlet
}
} Thanks
}
} Adrian
------------------------------------------------------------------------
Guido Garcia Bernardo
"stat rosa pristina nomine, nomina nuda tenemus."
------------------------------------------------------------------------
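
Added example, not part of the original thread and not code from any poster: one way to enforce the step1 -> step2 -> step3 order is to keep the progress marker in server-side session state rather than in anything the browser sends. The class name, session key and the Map standing in for HttpSession are assumptions made for this sketch; in a real application the same check would sit in a servlet filter or Action in front of the pages.

```java
import java.util.*;

/** Server-side step tracking for a three-page sequence (illustrative sketch). */
public class WizardGuard {
    // Page names come from the original question; the session key is hypothetical.
    static final List<String> STEPS = List.of("/step1.jsp", "/step2.jsp", "/step3.jsp");
    static final String KEY = "wizard.completedSteps";

    /** Weak check discussed in the thread: the Referer header is supplied by the client. */
    static boolean refererCheck(Map<String, String> headers) {
        return headers.getOrDefault("Referer", "").endsWith("/step1.jsp");
    }

    /** Allow a step only if the session records that every earlier step completed. */
    static boolean mayEnter(Map<String, Object> session, String path) {
        int idx = STEPS.indexOf(path);
        if (idx < 0) return false;                        // unknown page: deny
        int done = (Integer) session.getOrDefault(KEY, 0);
        return idx <= done;                               // step N needs steps 1..N-1 done
    }

    /** Called by server-side code after a step has been processed successfully. */
    static void markCompleted(Map<String, Object> session, String path) {
        int idx = STEPS.indexOf(path);
        int done = (Integer) session.getOrDefault(KEY, 0);
        if (idx == done) session.put(KEY, done + 1);      // progress only advances in order
    }

    public static void main(String[] args) {
        // Constructed input: a direct request for step2 carrying a client-chosen Referer.
        Map<String, String> headers = Map.of("Referer", "http://app.example/step1.jsp");
        Map<String, Object> session = new HashMap<>();    // stands in for HttpSession

        System.out.println("referer check accepts it: " + refererCheck(headers));
        System.out.println("session check, step2 first: " + mayEnter(session, "/step2.jsp"));
        System.out.println("session check, step1: " + mayEnter(session, "/step1.jsp"));
        markCompleted(session, "/step1.jsp");
        System.out.println("step2 after step1: " + mayEnter(session, "/step2.jsp"));
        System.out.println("step3 after step1 only: " + mayEnter(session, "/step3.jsp"));
    }
}
```

The session check decides from state the server wrote itself, so a direct request for a later step is refused regardless of the headers or parameters it carries.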