struts-user mailing list archives

From Maya Muchnik <mmuch...@pumatech.com>
Subject Re: Why should you call JSP pages directly?
Date Thu, 01 Mar 2001 18:37:12 GMT
One way, as far as I know, is to put all JSPs, except index.jsp (or a similar start-up page),
under a protected directory. For Tomcat the secure directory is set up in web.xml
(see web.xml for webapps/example; the directory is example/jsp/security/protected).
See also the Tomcat instructions (I need to refresh my memory myself).

The other ways are in the email archives:
Q and A: http://www.mail-archive.com/struts-user@jakarta.apache.org/msg03611.html

http://www.mail-archive.com/struts-user@jakarta.apache.org/msg03684.html
(I am not sure that I know how to do this)

Q and A. http://www.mail-archive.com/struts-user@jakarta.apache.org/msg03737.html



John Raley wrote:

> So how does one protect JSP's from direct invocation?  Is there a
> server-independent way?  (I'm using Tomcat, so that would also be good to
> know.)
>
> Maya Muchnik wrote:
>
> > Hello, Jens again,
> > I totally agree with you, but to make it work somebody (a designer) must
> > "protect" the jsp files. Several people told me how to do this. About logic
> > JSP: again, it is the designer's question. Of course, it is better to have JSP
> > only for view. Sometimes it is difficult, and requires everything to be
> > redesigned.
> > Maya
> >
> > Jens Rehpöhler wrote:
> >
> > > Hallo Maya,
> > >
> > > Maya Muchnik wrote:
> > >
> > > > Hi, Jens,
> > > > When I asked a question about calling jsp directly, I was concerned
> > > > that a user can see a directory or see a link (as I do) and call this
> > > > jsp directly from a browser query / input line. The user likes to
> > > > experiment.
> > > > That is all. He does not know what a view jsp or a logic jsp is.
> > >
> > > That is the point: a user should never have the possibility to come in
> > > contact with a JSP. And a JSP should never contain any business logic.
> > >
> > > Jens
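
A container-independent form of the protected-directory approach described in this message, as an added example that is not from the original thread: a `WEB-INF/web.xml` fragment that refuses every direct client request to the view JSPs while leaving `index.jsp` reachable. The `/jsp/protected/` layout and the resource name are assumptions; unlike the Tomcat sample the message points to, this variant permits no role at all.

```xml
<!-- Added example: fragment of WEB-INF/web.xml.
     The /jsp/protected/ directory is an assumed layout, not from the thread. -->
<web-app>

  <!-- index.jsp sits outside the protected directory and stays
       directly reachable as the application's entry point. -->
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>View JSPs</web-resource-name>
      <!-- Every JSP that must only be reached through a controller
           forward lives under this path. -->
      <url-pattern>/jsp/protected/*</url-pattern>
      <!-- No http-method elements: the constraint applies to all
           HTTP methods, not only GET and POST. -->
    </web-resource-collection>

    <!-- An auth-constraint with no role-name permits no role, so the
         container refuses every client request for the pattern.
         Security constraints are checked on incoming client requests
         only; a RequestDispatcher forward from a servlet (such as the
         Struts ActionServlet) to /jsp/protected/... still works. -->
    <auth-constraint/>
  </security-constraint>

</web-app>
```

Placing the JSPs under `WEB-INF/` has the same effect without any constraint, because the Servlet specification does not allow containers to serve that directory to clients.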

