How can I set things up so people can't get to a jsp page? I can set it up so a jsp page is never in the url - but if someone knows the file name they can still get to it. (And a cardinal rule of security is that an unlisted filename is not very effective protection.)
thanks - dave ----- Original Message ----- From: "Emerson Cargnin" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Tuesday, August 26, 2003 2:52 PM Subject: Re: login test in a jsp page - any suggestions > isn't it should be better to put his verification at actions? maybe a > common super action could validade it, but I think that the jsp should > be the last place to put it. Ideally, the jsp's are not even exposed to > clients, making the access the view only through actions. > > David Thielen wrote: > > Hi; > > > > I want to put a test in every jsp page to see if the user is logged in. And if not, to forward them to login.jsp. Is there any way to do this other than putting java code in my jsp? I'm hoping there is some struts system like <html:check app="MyAction"/>. > > > > (Yes, I can have everything be an action that does this test and then goes to the jsp page - but in that case what if they type the path for the jsp page directly?) > > > > thanks - dave > > > -- > Emerson Cargnin > Analista de Sistemas > Setor de Desenvolvimento de Sistemas - TRE-SC > tel : (048) - 251-3700 - Ramal 3181 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
