struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hello_everyone <hello.sw...@gmail.com>
Subject Re: .do and .jsp
Date Fri, 05 Dec 2008 09:01:15 GMT
so how can i solve .do issue. the jsp files are not under WEB-INF. so in
struts-config.xml it requires path to jsp. and if i try with .do, it finds
nothing.

regards

On Thu, Dec 4, 2008 at 6:22 PM, Greg Lindholm <glindholm@yahoo.com> wrote:

>
> You don't need to keep your jsp's under WEB-INF, you can setup a security
> constraint to prevent access to your raw jsp files.
>
> We keep our jsp's in a /struts folder and use this security constraint in
> the web.xml file.
> The key is the constraint has no roles so no access is allowed.
>
>        <security-constraint>
>                <display-name>Prevent access to raw pages.</display-name>
>                <web-resource-collection>
>                        <web-resource-name>Raw Pages</web-resource-name>
>                        <url-pattern>/error.jsp</url-pattern>
>                        <url-pattern>/struts/*</url-pattern>
>                        <url-pattern>/META-INF/*</url-pattern>
>                </web-resource-collection>
>                <auth-constraint>
>                        <description>No roles, so no direct
> access</description>
>                </auth-constraint>
>        </security-constraint>
>
>
> Paul Benedict-2 wrote:
> >
> > Definitely move them under WEB-INF. Otherwise, you can never enforce
> > people going through your action if they know the JSP address.
> >
> > At any rate, you can just put the JSP file in the path of the <forward>
> >
> > Paul
> >
>
> --
> View this message in context:
> http://www.nabble.com/.do-and-.jsp-tp20787624p20838128.html
> Sent from the Struts - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message