This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Struts and the fly likes Custom RequestProcessor Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Custom RequestProcessor" Watch "Custom RequestProcessor" New topic
Author

Custom RequestProcessor

Abhay Kumar J
Greenhorn

Joined: Feb 20, 2009
Posts: 1
I'm developing a struts application, in which I've extended the RequestProcessor to check the session. Everything is fine and works as expected. But an unauthenticated user can simply access the JSP pages directly. Here the request to the JSP page completely bypasses the RequestProcessor, only requests with logical labels like xyz.do go through the RequestProcessor.

After searching the web, one solution is to keep the JSP pages inside the WEB-INF directory. But is it possible to send every request through the RequestProcessor?
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

The RequestProcessor only processes Struts 1 requests. In other words, whatever the Struts 1 servlet is mapped to (*.do by default).

Putting the JSPs under /WEB-INF is the canonical and recommended solution.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Custom RequestProcessor
 
Similar Threads
What are the differences btw MVC and Front Controller design patterns?
struts 1.beginner, code not working
Use of UrlRewrite
RequestProcessor Methods
tomcat ejb help