Java Reference
In-Depth Information
Notice the
<servlet-mapping>
tag. Because we like to feel as if we are clever,
we decided to depart from the standard
.do
extension to map requests to the
ActionServlet
. Instead of the standard
.do
, we have gone with an
.shtml
. The
only reason for this is to jokingly make it look as if we are using an old technology.
Who knows—perhaps it will also deter a few people from trying to hack the site
(not likely).
When using Struts, it is important to prevent direct access to
JSP
pages. All
JSP
pages that are used by JGameStore are placed under the pages directory. Since all
the
JSP
pages are under a directory, we can simply prevent direct access to that
directory (listing 14.2). This ensures that access to the
JSP
pages goes through the
Struts
ActionServlet
.
Listing 14.2
security configuration in web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>
Restrict access to JSP pages
</web-resource-name>
<url-pattern>/pages/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>
With no roles defined, no access granted
</description>
</auth-constraint>
</security-constraint>
Having set up our
web.xml
, we can focus on creating the specific classes and con-
figurations for the Struts presentation layer. We'll go into some detail on taking
advantage of Struts'
BeanAction
approach.
14.6 Setting up the presentation
Because the catalog is the portion of the application that is used first by shopping
cart visitors, let's focus our efforts next on setting up the presentation portion that
supports it.
14.6.1
The first step
When a visitor arrives in JGameStore, they are greeted with an initial page. It is an
important rule in web applications that when using Struts you
always
forward
