well, tiles is to assemble your jsp fragments. it's not meant to be used to secure access.
should you want to avoid that users enter an action path directly, you need to secure the actions (typically with a mandatory login)
hope this helps, jan
Grigory O. Ptashko
Joined: Jan 26, 2006
I am asking about how to move some actions from users at all. It doesn't matter whether a user is registered or not. Just as like you move jsp pages to WEB-INF/jsp to prevent direct client's access to them.
I want to use some actions only from my jsp. Did you get the point?
Joined: Feb 03, 2004
yes, i think i got the point.
to my best knowledge, this is not possible unless you provide some mechanics that enable the action to distinguish / recognize its invoker.
a fairly easy approach would be to write an object into the session and let the action check its existence. if you don't want to call this a login, we can also name it foobar or so :-)