I was reading the book "Struts 2 in Action", and in chapter six the author explains the use of a user-defined interceptor, which the author demonstrates by using it to validate the user. The interceptor simply checks for the user in the session map; if the user is not present, it directs the user to the login page.

But I have a doubt about the robustness of the solution, because most of the actions simply divert the user to an existing JSP page. If the user somehow manages to guess the JSP pages, then our security goes for a toss.

Should I consider it just an example, or can an interceptor actually be used to provide flawless security? If so, how?

Experts, please voice your views.
Thanks
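
An interceptor of the kind the post describes, as an added example that is not the book's code or part of the original post. The class name, the session key `"user"` and the use of the `login` result are assumptions; the comments mark where the interceptor's coverage ends.

```java
import java.util.Map;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Hypothetical authentication interceptor (Struts 2.x package names).
 *
 * Scope: an interceptor runs only when a request is dispatched to an
 * action whose interceptor stack includes it. A request that names a
 * JSP directly is served by the servlet container and never reaches
 * this code, which is the gap the post asks about.
 */
public class AuthenticationInterceptor extends AbstractInterceptor {

    // Assumed session key under which the login action stores the user.
    private static final String USER_KEY = "user";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, Object> session =
                invocation.getInvocationContext().getSession();

        // No session map or no user object: do not invoke the action,
        // return the "login" result so the mapping sends the user to
        // the login page.
        if (session == null || session.get(USER_KEY) == null) {
            return Action.LOGIN;
        }

        // Authenticated: continue with the remaining interceptors and
        // finally the action itself.
        return invocation.invoke();
    }
}

// Coverage notes (facts about the servlet container, not from the book):
//  - Put this interceptor in the default stack of the package so every
//    action gets it, not only the ones that remember to reference it.
//  - Keep result JSPs under /WEB-INF/ (for example /WEB-INF/jsp/), where
//    the container refuses direct client requests; an action result can
//    still forward to them, so a guessed JSP URL returns an error instead
//    of the page.
```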