aspose file tools*
The moose likes Struts and the fly likes Securing JSP's Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Securing JSP Watch "Securing JSP New topic
Author

Securing JSP's

sumev kohli
Greenhorn

Joined: Nov 11, 2008
Posts: 1
Hi,

How to prevent the successfully logged in User from typing the earlier remembered URL�s pointing to specific Action (without navigating through the specified Links).
(Currently JSP's under Webcontent/resources)

Thanks
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

If you're just concerned about not allowing access to JSPs then put them under /WEB-INF--the container has access to them, the user doesn't.

If you're concerned about enforcing application flow there are a number of solutions, many involving keeping session or request data holding current state, allowable "next state"s, etc.

Dave
 
Don't get me started about those stupid light bulbs.
 
subject: Securing JSP's