Re: Disable JSP ?
But you can do: /view/* Just put your protected pages under a protected directory. Hicks, James wrote: >You can use the and tags in your >deployment description to block access to a JSP page. The only problem with >this is you have to list every single jsp file you want to protect. You >cant use the '*.jsp' expression to hide all jsp files. >
RE: Disable JSP ?
Some people put JSP files in their WEB-INF directory. No direct access is allowed by a user to anything under the WEB-INF directory, but you can forward a user there and do includes from there. I've done this to hide JSP template pages. David --- "Hicks, James" <[EMAIL PROTECTED]> wrote: > You can use the and > tags in your > deployment description to block access to a JSP > page. The only problem with > this is you have to list every single jsp file you > want to protect. You > cant use the '*.jsp' expression to hide all jsp > files. > > --- start web.xml --- > > > > hiddenrole > > > > > noaccess > /myFile.jsp > /myOtherFile.jsp > > > hiddenrole > > > > --- end web.xml --- > > James Hicks > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 14, 2001 8:19 AM > To: [EMAIL PROTECTED] > Subject: Disable JSP ? > > Hello struts users, > I just have a little question about application > server > configuration. Well, i never use direct link between > JSP, > i always use Action even if there is nothing to do, > then > I can control the path of users into my site. > That's why I don't want user be able to call > directly a > JSP. I tried to disable JSP access in my web.xml > file but > it works too good. Indeed, even Action forwarding > (JSP) > are concerned about this rule, so I can't visualize > any > JSP. > Here is the concerned code in (web.xml): > > controlFlowException > controlFlowException.jsp > > > > > controlFlowException > *.jsp > > __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
RE: Disable JSP ?
You can use the and tags in your deployment description to block access to a JSP page. The only problem with this is you have to list every single jsp file you want to protect. You cant use the '*.jsp' expression to hide all jsp files. --- start web.xml --- hiddenrole noaccess /myFile.jsp /myOtherFile.jsp hiddenrole --- end web.xml --- James Hicks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, May 14, 2001 8:19 AM To: [EMAIL PROTECTED] Subject: Disable JSP ? Hello struts users, I just have a little question about application server configuration. Well, i never use direct link between JSP, i always use Action even if there is nothing to do, then I can control the path of users into my site. That's why I don't want user be able to call directly a JSP. I tried to disable JSP access in my web.xml file but it works too good. Indeed, even Action forwarding (JSP) are concerned about this rule, so I can't visualize any JSP. Here is the concerned code in (web.xml): controlFlowException controlFlowException.jsp controlFlowException *.jsp
RE: Disable JSP ?
I agree with you, but I want the users can't enter JSP adresses directly in their explorer, but they can access the page through an Action. With your method struts forward the request to the good page but this page can't be displayed (because it's in the WEB-INF directory), perhaps there is something to change in my web.xml? -Message d'origine- De : Dan Miser [mailto:[EMAIL PROTECTED]] Envoyé : lundi 14 mai 2001 15:47 À : [EMAIL PROTECTED] Objet : Re: Disable JSP ? If you don't want your users to access the JSP pages, place them in (or underneath) the WEB-INF directory. You still need to have the JSP processor as normal in web.xml. -- Dan Miser http://www.distribucon.com >From: "[EMAIL PROTECTED]" >Reply-To: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Subject: Disable JSP ? >Date: Mon, 14 May 2001 14:18:56 +0100 > >Hello struts users, >I just have a little question about application server >configuration. Well, i never use direct link between JSP, >i always use Action even if there is nothing to do, then >I can control the path of users into my site. >That's why I don't want user be able to call directly a >JSP. __ ___ Get your FREE download of MSN Explorer at http://explorer.msn.com
Re: Disable JSP ?
If you don't want your users to access the JSP pages, place them in (or underneath) the WEB-INF directory. You still need to have the JSP processor as normal in web.xml. -- Dan Miser http://www.distribucon.com >From: "[EMAIL PROTECTED]"<[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Subject: Disable JSP ? >Date: Mon, 14 May 2001 14:18:56 +0100 > >Hello struts users, >I just have a little question about application server >configuration. Well, i never use direct link between JSP, >i always use Action even if there is nothing to do, then >I can control the path of users into my site. >That's why I don't want user be able to call directly a >JSP. _ Get your FREE download of MSN Explorer at http://explorer.msn.com
Disable JSP ?
Hello struts users, I just have a little question about application server configuration. Well, i never use direct link between JSP, i always use Action even if there is nothing to do, then I can control the path of users into my site. That's why I don't want user be able to call directly a JSP. I tried to disable JSP access in my web.xml file but it works too good. Indeed, even Action forwarding (JSP) are concerned about this rule, so I can't visualize any JSP. Here is the concerned code in (web.xml): controlFlowException controlFlowException.jsp controlFlowException *.jsp