Hi
We ran into a similar problem before & if I remember correct, secure the
<url-pattern> in your web.xml properly. The url that you put inside this tag is
crucial. In our old struts based application our web.xml went like this :-
<welcome-file-list>
| <welcome-file>jsp/welcome.jsp</welcome-file>
| </welcome-file-list>
| <error-page>
| <error-code>500</error-code>
| <location>/jsp/error.jsp</location>
| </error-page>
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>SecurePages</webresource-name>
| <description>
| Security constraint testing using custom Jaas Module
| </description>
| <url-pattern>*.do</url-pattern>
| <http-method>POST</http-method>
| <http-method>GET</http-method>
| </web-resource-collection>
So basically anything that goes to Struts Action Servlet is protected. Plus Users are not
exposed to the jsp's directly. Even if they book-mark a page, they are redirected to
welcome page
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169433#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...