struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Graham" <dgraham1...@hotmail.com>
Subject Re: Location of jsp files
Date Sat, 11 Jan 2003 20:39:17 GMT
Putting them under WEB-INF isn't portable because all containers don't 
necessarily support it.  You can set up a security constraint in web.xml to 
accomplish the same thing portably.

<security-constraint>
		<web-resource-collection>
			<web-resource-name>SecureAllJSPs</web-resource-name>
			<url-pattern>*.jsp</url-pattern>
		</web-resource-collection>

		<auth-constraint>
			<description>
				No roles should be able to access a JSP directly.  Everyone
				must go through the controller servlet.
			</description>
			<role-name>nobody</role-name>
		</auth-constraint>
	</security-constraint>

    <security-role>
    	<description>
    		Nobody should be in this role so jsp files are protected
    		from direct access.
    	</description>
    	<role-name>nobody</role-name>
    </security-role>







>From: "Jonathan Hodges" <jhodges@bham.rr.com>
>Reply-To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
>To: <struts-user@jakarta.apache.org>
>Subject: Location of jsp files
>Date: Sat, 11 Jan 2003 09:31:24 -0600
>
>Hello,
>
>I was wondering what the best practice is for the location of my jsp
>files in my web application.  I was thinking about placing them in the
>WEB-INF directory so they couldn't be reached without going through the
>ActionServlet.  I guess I could accomplish the same thing with the right
>mapping the in the web.xml file as well.
>
>Any suggestions?
>
>Thanks in advance,
>
>Jonathan Hodges
>Infinity Insurance


_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message