Once you set redirect=true, the JSP pages being linked must be
available for direct retrieval from browsers.

Apparently, things under WEB-INF are not ready for
direct retrieval. And this *rule* is not supported by all
application servers in all versions. So the best way I suggest
is to use the servlet container's security constraints.

The following section is taken from our product
Carrier's web.xml file. You could use it as your
reference which protects everything under the directories
/org/training/4th_Grade/* and /org/training/Unit_Test/*.

    <security-constraint>
      <!-- No direct access to the training organization's page -->
      <web-resource-collection>
        <web-resource-name>Training Organization</web-resource-name>
        <url-pattern>/org/training/4th_Grade/*</url-pattern>
        <url-pattern>/org/training/Unit_Test/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>nobody</role-name>
      </auth-constraint>
    </security-constraint>

The security constraint is supported by all application
servers in recent versions. But problems occur when
redirect=true is used. It becomes very messy because
some of your pages should be placed under the security
constraint and some should not. Anyway, the quick
workaround is to put the page outside the security
constraint. But the burden is too much for web server
administrators.

Carrier cleverly solves the problem. It puts
*everything* under the security constraint while
allowing redirect links to be used! We also
believe that the generated links should not
carry *.jsp at all! Carrier uses the action path
or module path on the generated redirect links.
There is a demo for the use of the redirect links.

Carrier and the source code of Wheels can be obtained
at:
http://www.netspread.com/downloads/instructions.html
Look at the concept regarding the Carrier Orbits.
It is all about the productivity of developers and designers.

Jing
Netspread Carrier
http://www.netspread.com


----- Original Message ----- 
From: "Jim Collins" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Tuesday, June 24, 2003 12:14 AM
Subject: Forward with anchor to a restricted page


> Hi,
>
> I was using a forward with an anchor to a jsp that was working fine, I had
> set the redirect=true so that the browser would go to the anchor. I have
> now moved the jsp page into the WEB-INF directory because I don't want users
> to be able to access any JSPs directly; I want all access to be via the
> controller. However now when I click on the link I get a page can't be
> found. I know why this is happening because in my action I am redirecting to
> myapp/WEB-INF/browse.jsp and the browser can't access any pages in WEB-INF.
>
> Does anyone know of any workaround for this?
>
> Regards
>
> Jim.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
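
An added example, not part of either message and not Carrier's code: a small Python check of which request paths the security constraint quoted in the reply actually closes to direct retrieval. The names `pattern_matches`, `blocked_paths` and `assigned_roles` are hypothetical; the check looks at each constraint on its own and does not model how a container combines several constraints that match the same path.

```python
import xml.etree.ElementTree as ET

# Constructed input: the constraint quoted above inside a minimal <web-app>
# (assumes a DTD-style web.xml with no XML namespace).
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>Training Organization</web-resource-name>
    <url-pattern>/org/training/4th_Grade/*</url-pattern>
    <url-pattern>/org/training/Unit_Test/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>nobody</role-name></auth-constraint>
</security-constraint></web-app>"""

def pattern_matches(pattern, path):
    """Servlet url-pattern forms: '/prefix/*', '*.ext', '/' (default), exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == "/" or pattern == path

def blocked_paths(web_xml, paths, assigned_roles=frozenset()):
    """Map each path to True when a constraint covering every HTTP method
    admits only roles that no user holds (or lists no role at all)."""
    root = ET.fromstring(web_xml)
    result = {p: False for p in paths}
    for sc in root.iter("security-constraint"):
        auth = sc.find("auth-constraint")
        if auth is None:
            continue  # without auth-constraint the resource is not restricted
        roles = {(r.text or "").strip() for r in auth.iter("role-name")}
        if roles & set(assigned_roles) or "*" in roles:
            continue  # a real user can satisfy this constraint
        for wrc in sc.iter("web-resource-collection"):
            if wrc.find("http-method") is not None:
                continue  # only the listed methods are covered
            patterns = [(u.text or "").strip() for u in wrc.iter("url-pattern")]
            for p in paths:
                if any(pattern_matches(pat, p) for pat in patterns):
                    result[p] = True
    return result
```

Passing the role names that are really assigned to users as `assigned_roles` shows the condition the "nobody" trick depends on: once any account holds that role, the paths are no longer closed.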

