I am developing a sling WCMS.
When I call address [e.g. 'http://localhost:8080/apps/bcms/pages/test.jsp'] of a page in the browser, a save dialog box will appear and ask to save jsp file.
How to prevent jsp pages accessible via direct addressing?
Just remove the permissions for anonymous. The script resolution and execution runs with the script user.