15

I'm using struts 1.3 for my application and all jsp pages are forwarded through controller (action class). But If I access the jsp page directly, I'm able to access it. How do I prevent this?

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Shwetanka
  • 4,976
  • 11
  • 44
  • 68

4 Answers4

15

put all your jsp-s inside WEB-INF folder (for example in WEB-INF/jsp folder) and dont forget to change your mapping regarding location of jsp-s.

Martin Gamulin
  • 3,855
  • 21
  • 25
  • 1
    +1 - WEB-INF hiding is the most commonly used method. If you read docs and examples they often use this setup. – pap Sep 02 '11 at 11:32
  • Seems Jetty doesn't allow this to work, unfortunately. Maybe a bad setting on my end? – Reinderien Jul 09 '19 at 18:10
3

Filters are used to bypass or interrupt the requests , so use the filters to restrict the request , if it not contains .do in url. Below is the good tutorial for filters

Filters

developer
  • 9,116
  • 29
  • 91
  • 150
2

I think the best option would be to put your web pages in the WEB-INF folder - that way they won't be directly accessible but then in your servlets you can have something like: 

public class ControllerServlet extends HttpServlet {

    /**
     * Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {

        String userPath = request.getServletPath();

        // if category page is requested
        if (userPath.equals("/category")) {
            // TODO: Implement category request

        // if cart page is requested
        } else if (userPath.equals("/viewCart")) {
            // TODO: Implement cart page request

            userPath = "/cart";

        // if checkout page is requested
        } else if (userPath.equals("/checkout")) {
            // TODO: Implement checkout page request

        // if user switches language
        } else if (userPath.equals("/chooseLanguage")) {
            // TODO: Implement language request

        }

        // use RequestDispatcher to forward request internally
        String url = "/WEB-INF/view" + userPath + ".jsp";

        try {
            request.getRequestDispatcher(url).forward(request, response);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

Taken from: http://netbeans.org/kb/docs/javaee/ecommerce/page-views-controller.html

Stanley Mungai
  • 4,044
  • 30
  • 100
  • 168
LordDoskias
  • 3,121
  • 3
  • 30
  • 44
1

You can use filters and restrict the request with url which ask for .jsp pages and only allow requests which ask for .do

Rahul Choudhary
  • 3,789
  • 2
  • 30
  • 30