[EMAIL PROTECTED] wrote:
For example my user can create a client form creatClient.jsp but can
also go straight to the editClient.jsp by adding it to the URl and I
want to stop this
1) Put JSPs under /WEB-INF somewhere (like /WEB-INF/jsp/...) Somebody
already mentioned this. Only access the JSPs through an Action; not
directly.
2) Implement some sort of flow-control/state machine mechanism (Struts
flow or home-brew) so that when you execute an action either a filter or
base action class checks to see if the request is an allowable state. If
not, go to an appropriate page.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
