struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nathan Pitts <jpi...@tahc.state.tx.us>
Subject Re: calling actions directly
Date Thu, 05 Jun 2003 15:02:15 GMT
Brian,

If you put all your jsp's inside a the WEB-INF directory, they will not 
be accessible directly -- only through an action.  I think this is part 
of the jsp specification that nothing can be directly served out of 
this special directory..Otherwise, a user could pull up configuration 
files that reside there -- web.xml for example.....For example, I have 
a directory structure containing jsp's under WEB-INF/jsp in my current 
web application....Hope this helps!
--nathan


On Thursday, June 5, 2003, at 09:47 AM, Brian McSweeney wrote:

> Ah yes,
>
>> Perhaps what you're thinking of is that JSP files should not be called
>> directly or bookmarked. They should be hidden from the user 
>> completely,
> and
>> only accessible through an action.
>
> that was it - sorry - stupid of me.
> Could you tell me how to secure the jsps so that they are only a 
> result of
> the action?
> cheers,
> Brian
>
>
> ----- Original Message -----
> From: "Kruse, Matt" <MKruse@aquent.com>
> To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
> Sent: Thursday, June 05, 2003 3:12 PM
> Subject: RE: calling actions directly
>
>
>>> I read that one of the things about struts is the actions are
>>> only able to be called from the pages directly. Ie, you
>>> shouldn't be able to bookmark the actions themselves like:
>>> http://myhost/myaction.do
>>
>> Where did you hear this? That's totally not true - any action can be
> called
>> directly as long as it has a mapping. It's just a URL. Otherwise, how
> would
>> you enter the first action? :)
>>
>> Perhaps what you're thinking of is that JSP files should not be called
>> directly or bookmarked. They should be hidden from the user 
>> completely,
> and
>> only accessible through an action.
>>
>> Matt Kruse
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>



=============================
Nathan Pitts
Programmer Analyst
Texas Animal Health Commission
=============================


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message