Due to standards beyond my control I had to move my jsps from beneath
/WEB-INF/jsp to /jsp. In order to prevent access to my jsps I added a
security-constraint, blocking access to the jsps. Unfortunately, now none of
my tiles display properly, instead I get the error message:
[Exception in:/jsp/body/home_body.jsp] Response has already been committed
for all the protected pages. The problem is that for each protected page,
its trying to authenticate the user using the FORM authentication that I
have set-up (this is a separate security-constraint from the
jsp protection). All I want to prevent is direct access to the jsp, not access
through other means (e.g. action/tile).
Thanks.