so how can i solve .do issue. the jsp files are not under WEB-INF. so in struts-config.xml it requires path to jsp. and if i try with .do, it finds nothing.
regards On Thu, Dec 4, 2008 at 6:22 PM, Greg Lindholm <[EMAIL PROTECTED]> wrote: > > You don't need to keep your jsp's under WEB-INF, you can setup a security > constraint to prevent access to your raw jsp files. > > We keep our jsp's in a /struts folder and use this security constraint in > the web.xml file. > The key is the constraint has no roles so no access is allowed. > > <security-constraint> > <display-name>Prevent access to raw pages.</display-name> > <web-resource-collection> > <web-resource-name>Raw Pages</web-resource-name> > <url-pattern>/error.jsp</url-pattern> > <url-pattern>/struts/*</url-pattern> > <url-pattern>/META-INF/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <description>No roles, so no direct > access</description> > </auth-constraint> > </security-constraint> > > > Paul Benedict-2 wrote: > > > > Definitely move them under WEB-INF. Otherwise, you can never enforce > > people going through your action if they know the JSP address. > > > > At any rate, you can just put the JSP file in the path of the <forward> > > > > Paul > > > > -- > View this message in context: > http://www.nabble.com/.do-and-.jsp-tp20787624p20838128.html > Sent from the Struts - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >