struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antonio Sánchez <juntandolin...@gmail.com>
Subject Re: Best practice for protecting JSPs
Date Mon, 01 Jul 2013 08:47:33 GMT
I mean denying access to JSPs by URL or some other means. Make JSPs private 
content. 

El Lunes, 1 de julio de 2013 08:28:10 umeshawasthi@gmail.com escribió:
> Protecting JSP in what way?
> Though putting them under WEB-INF is a good approach
> 
> But you need to provide more information about what kind of protection you
> want to have 
 Sent from BlackBerry® on Airtel
> 
> -----Original Message-----
> From: Antonio Sánchez <juntandolineas@gmail.com>
> Date: Mon, 01 Jul 2013 10:24:15 
> To: <user@struts.apache.org>
> Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
> Subject: Best practice for protecting JSPs
> 
> I need to protect JSPs. Some options:
> 
> 1. Put JSPs under WEB-INF and, optionally, use the conventions plugin. 
> 
> 2. Declare authorization constraints in web.xml.
> 
> 3. Use some external tool, perhaps Spring Security.
> 
> 4. Some other options. 
> 
> Which is the best practice in Struts2?
> 
> Thanks. 
> 
> 
Mime
  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message