This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
I'm developing a struts application, in which I've extended the RequestProcessor to check the session. Everything is fine and works as expected. But an unauthenticated user can simply access the JSP pages directly. Here the request to the JSP page completely bypasses the RequestProcessor, only requests with logical labels like xyz.do go through the RequestProcessor.
After searching the web, one solution is to keep the JSP pages inside the WEB-INF directory. But is it possible to send every request through the RequestProcessor?