I have two issues with struts2 that are somewhat related. I should also mention that all of my jsps are in WEB-INF so they can't be directly accessed by typing in ../page.jsp, but they CAN be accessed by typing in ../page.
First, lets say I want to implement Registration functionality in my website. I have register-form.jsp. This is the form that contains the fields that the user needs to enter. The user clicks a link or navigates to ../register-form and is presented with register-form.jsp. The user submits to an action ../register and Register.java handles this, then automatically fetches the result page ../register.jsp. The user can't navigate to ../register.jsp by typing "../register.jsp" because this is disallowed, nor can the user navigate to ../register.jsp by typing "../register" because it will always call the action, Register.java. This is what I want. The convention plugin also allows for automatically fetching result pages ending in -success. If I rename register.jsp to register-success.jsp, everything works fine EXCEPT that because I don't have an action named RegisterSuccess.java, a user CAN access register-success.jsp by typing "../register-success". How can I prevent this?
Second, lets say that now that I have Registration functionality, I want login functionality. Some pages on my site will be secure pages, located at ../secure/.. and can only be accessed when the user is logged in. If the user types ../secure/some-action, and there is a class SomeAction, the interceptor for handling authentication will check that the user is logged in before allowing access to some-action.jsp. However, that means I need to have an action for every jsp page. Some of these jsp pages might just be forms though. I don't want to have empty action classes for every page if I don't need to. Is that possible?
Thanks!