It's not a secret anymore!*
The moose likes Struts and the fly likes help me with struts Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "help me with struts" Watch "help me with struts" New topic
Author

help me with struts

k mut
Greenhorn

Joined: Aug 26, 2005
Posts: 16
what if a user types in the direct jsp page into the browser www.xamplesite.com/xample.jsp

No STRUTS action will be called, so that wont work.
how can i take care of it.I doesn't want to go thru menu.
nothing need to be submitted in that jsp page
just i need to call the struts action that gets datas from database, so the user will get updated information and the i wont verify any authentication for user this is just for some known user.
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

How about asking Struts questions in the Struts forum. I'll move this over there.


GenRocket - Experts at Building Test Data
Mark Blackledge
Greenhorn

Joined: Nov 04, 2005
Posts: 5
Originally posted by k mut:
what if a user types in the direct jsp page into the browser www.xamplesite.com/xample.jsp

No STRUTS action will be called, so that wont work.
how can i take care of it.


To prevent the user from accessing the JSP page directly, place the JSP page in a location that the users have no access to. For example, /WEB-INF/JSP/xample.jsp.
Hendy Setyo Mulyo
Ranch Hand

Joined: Dec 01, 2004
Posts: 219

Originally posted by k mut:
what if a user types in the direct jsp page into the browser www.xamplesite.com/xample.jsp

No STRUTS action will be called, so that wont work.
how can i take care of it.I doesn't want to go thru menu.
nothing need to be submitted in that jsp page
just i need to call the struts action that gets datas from database, so the user will get updated information and the i wont verify any authentication for user this is just for some known user.


hello,
to prevent it, you can change the url-pattern at the web.xml to *.jsp (usually *.do), so if there is an url that try to access jsp page, it should be processed through the ActionServlet.

web.xml
=======
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>2</param-value>
</init-param>
<init-param>
<param-name>detail</param-name>
<param-value>2</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping>

Hope it helps


Hendy Setyo Mulyo


Hendy Setyo Mulyo
SCJP 1.4 (95%), SCWCD 1.4 (94%)
k mut
Greenhorn

Joined: Aug 26, 2005
Posts: 16
i will try this out
thankyou
 
 
subject: help me with struts
 
Similar Threads
Display String in new window
To perform an action onload of a jsp page only if it meets certain condition
Design question (struts/mvc)
Struts Menu Question
preventing direct access to JSP pages