This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Struts and the fly likes Securing JSP's Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Securing JSP Watch "Securing JSP New topic
Author

Securing JSP's

sumev kohli
Greenhorn

Joined: Nov 11, 2008
Posts: 1
Hi,

How to prevent the successfully logged in User from typing the earlier remembered URL�s pointing to specific Action (without navigating through the specified Links).
(Currently JSP's under Webcontent/resources)

Thanks
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

If you're just concerned about not allowing access to JSPs then put them under /WEB-INF--the container has access to them, the user doesn't.

If you're concerned about enforcing application flow there are a number of solutions, many involving keeping session or request data holding current state, allowable "next state"s, etc.

Dave
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Securing JSP's
 
It's not a secret anymore!