struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antonios Gkogkakis <gkogk...@tcd.ie>
Subject Re: Best practice for protecting JSPs
Date Mon, 01 Jul 2013 08:44:35 GMT
What we've done is to create a filter (implement javax.servlet.Filter and
define it in web.xml )
and if the resource uri ends with .jsp we return an http 403 error.

Antonios


On 1 July 2013 09:38, Lukasz Lenart <lukaszlenart@apache.org> wrote:

> 2013/7/1 Antonio Sánchez <juntandolineas@gmail.com>:
> > I need to protect JSPs. Some options:
> >
> > 1. Put JSPs under WEB-INF and, optionally, use the conventions plugin.
> >
> > 2. Declare authorization constraints in web.xml.
>
> These two options are the best to avoid direct access to JSPs - not
> all containers block access to resources in WEB-INF and fake auth
> constraints will sole that problem and it's an ultimate solution.
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message