hi,
i want to develop an web-application, which is made with the MVC-design.
all my request are managed by the controller-servlets and this dispatch the request to another
servlets or a
jsp. it works fine.
i have one problem:
if the "bad guy" calls the jsp directly it's works also without my controller-servlet and the security-checks.
- can i give the jsp and the servlet a role, so that only the controller can dispatch to a jsp ?
- servlet and a role works fine, but for a jsp i get different errors.....
- how can i solve this problem ? - is this the wrong solution ?
thanks a lot
heiner
[ October 22, 2002: Message edited by: heiner weilandt ]