struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Feller" <Emmanuel.Fel...@free.fr>
Subject Re: block direct access to JSP files
Date Thu, 19 Jun 2003 17:43:17 GMT
Hi,

You may put all your jsp under the WEB-INF directory, so
they are not available for user. But the application still
work, because all navigation is done by the struts
controler. It is simple and work fine with all app server.

You must change your struts-config.xml to reflect the
changes of target for all your forward. It should be done by
find/replace ...

Regards,
Emmanuel
----- Message d'origine -----
De : "Takfung Chan" <davidchantf@comcast.net>
À : "Struts Users Mailing List"
<struts-user@jakarta.apache.org>
Envoyé : jeudi 19 juin 2003 18:10
Objet : block direct access to JSP files


> Hi,
>  I have a Struts based application and would like to block
all direct
> access to JSP files by user, so if a user typing a URL
point to a JSP
> file directly, it will fail. I did a change to web.xml but
not working
> on Websphere 4.0.3 (I should post to websphere news group
but I hope
> some one here already did the same thing)
>  here is my web.xml config relate to this web resource
protection, It
> works fine on tomcat, but never in Websphere, any idea?
>
> <security-constraint>
>   <web-resource-collection>
>   <web-resource-name>blockJSPDirectAccess</web-resource-
> name>
>   <description>to block JSP direct access</description>
>   <url-pattern>*.jsp</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>   <description></description>
>   <role-name></role-name>
>   </auth-constraint>
>   </security-constraint>
>
>
>
>
> ----------------------------------------------------------
-----------
> To unsubscribe, e-mail:
struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
struts-user-help@jakarta.apache.org
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message