Ah perfect, I was not aware this was the case. Thanks!
Jim Kiley wrote:
Put the JSP under /WEB-INF -- it is accessible to Struts routing but not directly viewable by end clients. jk On Fri, May 15, 2009 at 2:36 PM, Timothy Orme <to...@genome.med.harvard.edu>wrote:Hello All, I'm in the process of migrating pages from JSP's using snippets to struts actions. I'm wondering how people have disabled access to JSP's so that they cannot be accessed outside of the action anymore. Right now if I have an action like: <action name="ViewIndex" class="action.BaseAction"> <result name="success">/private/index.jsp</result> </action> There is nothing preventing the user from just browsing directly to /private/index.jsp instead of accessing it through the Action URL. This could have some bad implications about security, but also might just look bad if a page that should be receiving data from an action no longer has the source. How have people worked around this in the past? -Tim Orme --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
--------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
