wood burning stoves 2.0*
The moose likes Struts and the fly likes Securing JSP's Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Securing JSP Watch "Securing JSP New topic

Securing JSP's

sumev kohli

Joined: Nov 11, 2008
Posts: 1

How to prevent the successfully logged in User from typing the earlier remembered URL�s pointing to specific Action (without navigating through the specified Links).
(Currently JSP's under Webcontent/resources)

David Newton

Joined: Sep 29, 2008
Posts: 12617

If you're just concerned about not allowing access to JSPs then put them under /WEB-INF--the container has access to them, the user doesn't.

If you're concerned about enforcing application flow there are a number of solutions, many involving keeping session or request data holding current state, allowable "next state"s, etc.

I agree. Here's the link: http://aspose.com/file-tools
subject: Securing JSP's
Similar Threads
Work folder
Translation time error and run time errors
jsp question - errorPage
How to send data from one action class to another action class
Forte for Java