Husted [SMTP:[EMAIL PROTECTED]
> Sent: Thursday, June 19, 2003 5:33 PM
> To: Struts Users Mailing List
> Subject: Re: block direct access to JSP files
>
> I sometimes setup a security constraint (like the others shown on this
> thread) to block access to JSPs -- thought, not
I sometimes setup a security constraint (like the others shown on this
thread) to block access to JSPs -- thought, not to block access from
users but to block access from page authors!
If your application is following the Struts best practice of putting all
JSPs behind actions, your users neve
t; normal J2EE standard, which is not true in WSAD.
>
> David
>
> - Original Message -
> From: "Pingili, Madhupal" <[EMAIL PROTECTED]>
> Date: Thursday, June 19, 2003 1:55 pm
> Subject: RE: block direct access to JSP files
>
> > Hi,
> &
dhupal" <[EMAIL PROTECTED]>
Date: Thursday, June 19, 2003 1:55 pm
Subject: RE: block direct access to JSP files
> Hi,
> I found a thread related to this: subject: Protecting JSPs using
> security-constraint
> Basically, the solution suggested was:
>
>
List; [EMAIL PROTECTED]
> Subject: Re: block direct access to JSP files
>
> Hi,
>
> You may put all your jsp under the WEB-INF directory, so
> they are not available for user. But the application still
> work, because all navigation is done by the struts
> controler. It
target for all your forward. It should be done by
find/replace ...
Regards,
Emmanuel
- Message d'origine -
De : "Takfung Chan" <[EMAIL PROTECTED]>
À : "Struts Users Mailing List"
<[EMAIL PROTECTED]>
Envoyé : jeudi 19 juin 2003 18:10
Objet : block direct
Hi,
I have a Struts based application and would like to block all direct
access to JSP files by user, so if a user typing a URL point to a JSP
file directly, it will fail. I did a change to web.xml but not working
on Websphere 4.0.3 (I should post to websphere news group but I hope
some one he
7 matches
Mail list logo