• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Custom RequestProcessor

 
Abhay Kumar J
Greenhorn
Posts: 1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm developing a struts application, in which I've extended the RequestProcessor to check the session. Everything is fine and works as expected. But an unauthenticated user can simply access the JSP pages directly. Here the request to the JSP page completely bypasses the RequestProcessor, only requests with logical labels like xyz.do go through the RequestProcessor.

After searching the web, one solution is to keep the JSP pages inside the WEB-INF directory. But is it possible to send every request through the RequestProcessor?
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The RequestProcessor only processes Struts 1 requests. In other words, whatever the Struts 1 servlet is mapped to (*.do by default).

Putting the JSPs under /WEB-INF is the canonical and recommended solution.
 
Don't get me started about those stupid light bulbs.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic