struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From punee...@tcs.com
Subject Re: Module and pages Behind WEB-INF don't work...???
Date Thu, 29 Jul 2004 08:08:10 GMT
Thanks Erik, this can actually be very useful. (I haven't tried it yet...)

Puneet Agarwal
Tata Consultancy Services
Mailto: puneet.a@tcs.com
Website: http://www.tcs.com



Erik Weber <erikweber@mindspring.com> 
07/29/2004 12:44 PM

Please respond to
"Struts Users Mailing List" <user@struts.apache.org>


To
Struts Users Mailing List <user@struts.apache.org>
cc

Subject
Re: Module and pages Behind WEB-INF don't work...???






I don't have the exact fix you are looking for, but this (in web.xml) 
will prevent direct access to anything with a jsp extension:

<security-constraint>
                 <web-resource-collection>
 <web-resource-name>no_access</web-resource-name>
                                 <url-pattern>*.jsp</url-pattern>
                 </web-resource-collection>
                 <auth-constraint/>
</security-constraint>


Erik



puneet.a@tcs.com wrote:

>
> I want to do both "hide my JSPs behind WEB-INF" and use "Struts 
modules".
>
> and this does not work, I looked into the struts code. it does the 
> following
>
> If the path of ActionForward starts with "/", it obtains the module 
> prefix and prefixes this to the path so...
> If my path was say "/WEB-INF/pages/INY0010S.jsp" it becomes 
> "/iny/WEB-INF/pages/INY0010S.jsp"
> ( which is unwanted......I wanted..."/WEB-INF/pages/INY0010S.jsp" )
>
>
> but if the path of ActionForward does not start with "/", it leaves 
> the path as it is ( i.e. does not prefix the module-prefix)
> but then the requested URI becomes like this
>
> http://<ipaddress>:<port>/<web-context-root><ActionForward-path>
>
> instead of
>
> http://<ipaddress>:<port>/<web-context-root>/<ActionForward-path>
>
> so the problem is there is no slash - "/" before "<ActionForward-path>"
>
> so if my path was "WEB-INF/pages/INY0010S.jsp" it searches for 
> "http://<ipaddress>:<port>/<web-context-root>WEB-INF/pages/INY0010S.jsp"
> which gives error...Can anyone suggest the way out..?
>
> or does this require a fix ? only a Quick resolution of this will be 
> able help.
>
> Regards,
> Puneet Agarwal
> Tata Consultancy Services
> Mailto: puneet.a@tcs.com
> Website: http://www.tcs.com
>
>------------------------------------------------------------------------
>
>DISCLAIMER: The information contained in this message is intended only 
and solely for the addressed individual or entity indicated in this 
message and for the exclusive use of the said addressed individual or 
entity indicated in this message (or responsible for delivery
>of the message to such person) and may contain legally privileged and 
confidential information belonging to Tata Consultancy Services. It must 
not be printed, read, copied, disclosed, forwarded, distributed or used 
(in whatsoever manner) by any person other than the
>addressee. Unauthorized use, disclosure or copying is strictly prohibited 
and may constitute unlawful act and can possibly attract legal action, 
civil and/or criminal. The contents of this message need not necessarily 
reflect or endorse the views of Tata Consultancy Services
>on any subject matter. Any action taken or omitted to be taken based on 
this message is entirely at your risk and neither the originator of this 
message nor Tata Consultancy Services takes any responsibility or 
liability towards the same. Opinions, conclusions and any other
>information contained in this message that do not relate to the official 
business of Tata Consultancy Services shall be understood as neither given 
nor endorsed by Tata Consultancy Services or any affiliate of Tata 
Consultancy Services. If you have received this message in error,
>you should destroy this message and may please notify the sender by 
e-mail. Thank you.
>
>
> 
>
>------------------------------------------------------------------------
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


ForwardSourceID:NT00003AEE 

Mime
View raw message