File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Securing JSP's Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Securing JSP Watch "Securing JSP New topic

Securing JSP's

sumev kohli

Joined: Nov 11, 2008
Posts: 1

How to prevent the successfully logged in User from typing the earlier remembered URL�s pointing to specific Action (without navigating through the specified Links).
(Currently JSP's under Webcontent/resources)

David Newton

Joined: Sep 29, 2008
Posts: 12617

If you're just concerned about not allowing access to JSPs then put them under /WEB-INF--the container has access to them, the user doesn't.

If you're concerned about enforcing application flow there are a number of solutions, many involving keeping session or request data holding current state, allowable "next state"s, etc.

I agree. Here's the link:
subject: Securing JSP's
jQuery in Action, 3rd edition