Hmm... difficult one. What about creating a 'BaseAction' which all actions inherit, which checks a session attribute.
A session attribute could be set by the valid site entrance action. All other actions inherit the default behaviour: if the session attribute doesnt exist then redirect to entrance page otherwise process as normal. Doesnt stop people seeing your details, but would make any bookmark jump to the homepage. Daniel. > -----Original Message----- > From: Peter Neu [mailto:[EMAIL PROTECTED] > Sent: 10 November 2004 14:59 > To: Struts Users Mailing List > Subject: Re: Hiding Url File Parameters > > > I'm just trying to hide all the technical details from the user. Nobody > should attempt to bookmark a page using the Action.do > even if it's technically not possible (when using a filter). > > Regards, > > Peter > > Daniel Perry schrieb: > > >What exactly is it that you're trying to stop people accessing/doing? > > > >Daniel. > > > > > > > >>-----Original Message----- > >>From: Peter Neu [mailto:[EMAIL PROTECTED] > >>Sent: 10 November 2004 14:24 > >>To: Struts Users Mailing List > >>Subject: Re: Hiding Url File Parameters > >> > >> > >>OK. Then I will have rely on the filter mechanism > >>defined in the web.xml. > >> > >>Regards, > >> > >>Peter > >> > >> > >> > >>>In short no. > >>> > >>>To execute a struts action, the browser MUST make an HTTP > request. This > >>>request MUST specify an object (in HTTP context) to retrieve. > >>> > >>> > >>There is no > >> > >> > >>>way to fully hide this url. It can appear to be achieved using > >>> > >>> > >>a frameset > >> > >> > >>>with one frame 100%x100% - only the frameset url is shown in > the browser. > >>> > >>>You can also not use .do - set the servlet mapping to anything > >>> > >>> > >>you want - i > >> > >> > >>>believe that you can even use .html as the extension. > >>> > >>>Whatever you do will only be effective at hiding it from people > >>> > >>> > >>in general - > >> > >> > >>>anyone who knows about HTTP (eg hackers) can manually make the > >>> > >>> > >>requests and > >> > >> > >>>get round this, so really there is no advantage to hiding the > url in the > >>>first place. > >>> > >>>Daniel. > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>>>-----Original Message----- > >>>>From: Peter Neu [mailto:[EMAIL PROTECTED] > >>>>Sent: 09 November 2004 19:02 > >>>>To: Struts Users Mailing List > >>>>Subject: Re: Hiding Url File Parameters > >>>> > >>>> > >>>>Thanks that definitely solved the problem. > >>>> > >>>>Is there also a way to get rid of the Action.do ? > >>>> > >>>>Regards, > >>>> > >>>>Swen > >>>> > >>>> > >>>> > >>>>Daniel Perry schrieb: > >>>> > >>>> > >>>> > >>>> > >>>> > >>>>>Yep, > >>>>>Change your code to: > >>>>>nextPage = mapping.findForward("struts"); > >>>>> > >>>>>and change the forward to: > >>>>> > >>>>><forward name="struts" path="/WEB-INF/struts.jsp" redirect="false" > >>>>>contextRelative="true"/> > >>>>> > >>>>>Note if you dont want a lot of mess in WEB-INF, put them in a > >>>>> > >>>>> > >>>>> > >>>>> > >>>>folder ie jsps > >>>> > >>>> > >>>> > >>>> > >>>>>and use /WEB-INF/jsps/struts.jsp > >>>>> > >>>>>Hope that helps, > >>>>> > >>>>>Daniel. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>-----Original Message----- > >>>>>>From: Peter Neu [mailto:[EMAIL PROTECTED] > >>>>>>Sent: 09 November 2004 17:55 > >>>>>>To: Struts Users Mailing List > >>>>>>Subject: Re: Hiding Url File Parameters > >>>>>> > >>>>>> > >>>>>>OK. I tried this : > >>>>>> > >>>>>>nextPage = new > ActionForward(mapping.findForward("struts").getPath(), > >>>>>>false); // set the flag to false > >>>>>> > >>>>>>and put the JSP's into the WEB-INF folder. > >>>>>> > >>>>>>When I tried to call the ActionClass the following error occured : > >>>>>> > >>>>>>java.lang.IllegalArgumentException: Path struts.jsp does not > >>>>>>start with a "/" character > >>>>>> > >>>>>>org.apache.struts.action.RequestProcessor.doForward(RequestProcess > >>>>>>or.java:1062) > >>>>>> > >>>>>>org.apache.struts.action.RequestProcessor.processForwardConfig(Req > >>>>>>uestProcessor.java:455) > >>>>>> > >>>>>>org.apache.struts.action.RequestProcessor.process(RequestProcessor > >>>>>>.java:279) > >>>>>> > >>>>>>org.apache.struts.action.ActionServlet.process(ActionServlet.j > >>>>>> > >>>>>> > >>ava:1482) > >> > >> > >>>>>>org.apache.struts.action.ActionServlet.doPost(ActionServlet. > java:525) > >>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:709) > >>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:802) > >>>>>> > >>>>>>Here is the definition of the Action which is explicitly called > >>>>>>and which causes the error: > >>>>>> > >>>>>><action path="/postHv" > >>>>>> input="struts.jsp" > >>>>>> name="postHvForm" > >>>>>> scope="request" > >>>>>> validate="true" > >>>>>> type="pack.servlets.PostHv"> > >>>>>> <forward name="struts" path="struts.jsp" /> > >>>>>> </action> > >>>>>> > >>>>>>Do you have any idea what I did wrong ? > >>>>>> > >>>>>> > >>>>>>Regards, > >>>>>> > >>>>>>Peter > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>Daniel Perry schrieb: > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>>So you have an action, which forwards to a jsp page, and you > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>dont want the > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>>users to see the blah.jsp? > >>>>>>> > >>>>>>>Just set redirect to false. This causes it to forward the request > >>>>>>>internally without sending a browser redirect. The jsp will be > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>processed, > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>>and return the result to the browser, but as far as the browser > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>is concerned > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>>it will look like its come from the action. > >>>>>>> > >>>>>>>One method of 'hiding' jsps is to put them in the WEB-INF > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>directory, and use > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>>>forwards (not redirects) as this way the client CANNOT > >>>>>>> > >>>>>>> > >>access the jsps > >> > >> > >>>>>>>directly. > >>>>>>> > >>>>>>>Daniel. > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>>-----Original Message----- > >>>>>>>>From: Peter Neu [mailto:[EMAIL PROTECTED] > >>>>>>>>Sent: 09 November 2004 16:41 > >>>>>>>>To: Struts Users Mailing List > >>>>>>>>Subject: Re: Hiding Url File Parameters > >>>>>>>> > >>>>>>>> > >>>>>>>>Hello Joe, > >>>>>>>> > >>>>>>>>the value of the redirect flag is true since I cannot > forward when > >>>>>>>>it is set to false. I thought this was the regular way to forward > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>from one jsp-page to another. > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>>Isn't there any other option how I can do the forward and > >>>>>>>>keep the file-name of the jsp-page out of the URL ? > >>>>>>>> > >>>>>>>>Best Regards, > >>>>>>>> > >>>>>>>>Peter > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>Joe Germuska schrieb: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>At 4:03 PM +0100 11/9/04, Peter Neu wrote: > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>>>Hello, > >>>>>>>>>> > >>>>>>>>>>How can I manipulate the URL-Mapping in the > >>>>>>>>>>web.xml /struts-config.xml in order to hide > >>>>>>>>>>the filenames when I use the ActionForward in an ActionServlet? > >>>>>>>>>>Currently the URL displays all the files which I forward to. > >>>>>>>>>> > >>>>>>>>>>Before I posted this message I looked through the mail archieve > >>>>>>>>>>but I only found some suggestions using JScript which I > would like > >>>>>>>>>>to keep out of my application as much as possible. > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>Are you returning an ActionForward which has a 'true' > value for its > >>>>>>>>>redirect property? In this case, the answer is "no." > >>>>>>>>> > >>>>>>>>>Otherwise, you could have a Struts action read the file from the > >>>>>>>>>filesystem and write the bytes to the response. This > >>>>>>>>> > >>>>>>>>> > >>would hide the > >> > >> > >>>>>>>>>true file name. > >>>>>>>>> > >>>>>>>>>Joe > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>------------------------------------------------------------ > >>>>>>>> > >>>>>>>> > >>--------- > >> > >> > >>>>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>----------------------------------------------------------- > ---------- > >>>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>------------------------------------------------------------ > --------- > >>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>--------------------------------------------------------------------- > >>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>--------------------------------------------------------------------- > >>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>--------------------------------------------------------------------- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >>> > >>> > >>> > >>> > >>--------------------------------------------------------------------- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > >> > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
