Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Securing JSP's

 
sumev kohli
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

How to prevent the successfully logged in User from typing the earlier remembered URL�s pointing to specific Action (without navigating through the specified Links).
(Currently JSP's under Webcontent/resources)

Thanks
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're just concerned about not allowing access to JSPs then put them under /WEB-INF--the container has access to them, the user doesn't.

If you're concerned about enforcing application flow there are a number of solutions, many involving keeping session or request data holding current state, allowable "next state"s, etc.

Dave
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic