Hi. In a JSF application (as well as in a Struts application), Where to put the -result- page so it will be unaccessable from the user if he tried to guess a name ? Yes, I can create a folder under WEB-INF dir called for example jsp or jsf , but are there any other solutions ?
A few things. You can use the container managed security features of your app server (tomcat, Weblogic, JBoss, Resin, etc) to lock down your pages. You can also create a filter (SecurityFilter) that makes sure whoever has the right privileges can only view the pages.
If it's a matter of the order in which the pages are viewed in the sense that you don't want someone to view results without being at the prior page first, that's probably something you'll need to configure in your managed bean.