We put all our jsp file into a /struts/ folder then add the following security contraint to web.xml
<security-constraint> <display-name>Prevent access to raw pages.</display-name> <web-resource-collection> <web-resource-name>Raw Pages</web-resource-name> <url-pattern>/struts/*</url-pattern> </web-resource-collection> <auth-constraint> <description>No roles, so no direct access</description> </auth-constraint> </security-constraint> On Thu, Jun 18, 2009 at 9:32 AM, abhishek reddy <abhishek.c1...@gmail.com>wrote: > how to prevent users from directly accessing jsp files, rather they have to > come thru sturts action? > > -- > Abhishek >