I have had a go at this - I get a 500 error message "Cannot perform access
control without an authenticated principal" - presumably I need to do
something else as well?


-----Original Message-----
From: David Graham [mailto:[EMAIL PROTECTED]]
Sent: 13 January 2003 15:54
To: [EMAIL PROTECTED]
Subject: Re: Controlling Direct Access to jsp pages


Put this security info at the bottom of your web.xml to prevent access to 
any *.jsp file:

<security-constraint>
        <web-resource-collection>
                <web-resource-name>SecureAllJSPs</web-resource-name>
                <url-pattern>*.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
                <role-name>nobody</role-name>
        </auth-constraint>
</security-constraint>

<security-role>
        <description>No one should be put in this role.</description>
        <role-name>nobody</role-name>
</security-role>


David






>From: "Colquhoun, Adrian" <[EMAIL PROTECTED]>
>Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: Controlling Direct Access to jsp pages
>Date: Mon, 13 Jan 2003 15:40:45 -0000
>
>
>Hi
>
>If I have three pages in my view layer that must be called in sequence e.g.
>
>  - step1.jsp then
>  - step2.jsp then
>  - step3.jsp
>
>  How do I ensure that my users do not call step2 and step3 directly via a
>web browser?  Do I need to use a custom tag in pages 2 and 3 to check this,
>or is there some way to force all requests for .jsp pages in my application
>to route via the ActionServlet?
>
>Thanks
>
>Adrian
>
>
>=======================================================================
>Information in this email and any attachments are confidential, and may
>not be copied or used by anyone other than the addressee, nor disclosed
>to any third party without our permission.  There is no intention to
>create any legally binding contract or other commitment through the use
>of this email.
>
>Experian Limited (registration number 653331).
>Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF
>
>--
>To unsubscribe, e-mail:   
><mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: 
><mailto:[EMAIL PROTECTED]>


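An added example (not from the thread or from the Struts project): a small Python check over a web.xml that reports whether a probe path such as /step2.jsp is covered by an auth-constraint, whether the roles it names are declared, and whether a <login-config> is present. The function names and the sample descriptor are constructed here; that the missing <login-config> is what produces the 500 in the reply is an assumption the thread does not confirm.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from the message, wrapped in <web-app>.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>nobody</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>nobody</role-name></security-role>
</web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present

def _texts(elem, name):
    return [(e.text or "").strip() for e in elem.iter() if _local(e.tag) == name]

def matches(pattern, path):
    # Servlet-style URL patterns: extension (*.jsp), path prefix (/x/*), exact.
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return pattern == path

def audit_jsp_lockdown(web_xml, probe="/step2.jsp"):
    """Return findings about blocking direct requests to `probe` (hypothetical helper)."""
    root = ET.fromstring(web_xml)
    nodes = lambda name: [e for e in root.iter() if _local(e.tag) == name]
    declared = {r for sr in nodes("security-role") for r in _texts(sr, "role-name")}
    has_login = bool(nodes("login-config"))
    findings, covered = [], False
    for sc in nodes("security-constraint"):
        auth = [e for e in sc if _local(e.tag) == "auth-constraint"]
        if not auth or not any(matches(p, probe) for p in _texts(sc, "url-pattern")):
            continue
        covered = True
        roles = set(_texts(auth[0], "role-name"))  # empty set means deny everyone
        for role in sorted(roles - declared - {"*"}):
            findings.append(f"role '{role}' is not declared in a <security-role>")
        if roles and not has_login:
            # Assumption: with no <login-config> the container cannot authenticate
            # anyone, so a role check fails with an error instead of a denial.
            findings.append("auth-constraint names roles but there is no <login-config>")
    if not covered:
        findings.append(f"{probe} is not covered by any auth-constraint")
    return findings
```

Run against the descriptor as posted, the check returns the single <login-config> finding; it returns nothing once a <login-config> is added or the auth-constraint is left empty.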