Easiest thing to do is move your jsp files into the WEB-INF folder, which is not allowed to be requested directly per the servlet spec. That's a normal best practice kind of thing. Jsps should be protected just like the compiled .class and .jar files (siblings)
-----Original Message----- From: T Akhayo [mailto:t.akh...@gmail.com] Sent: Tuesday, July 12, 2011 4:35 PM To: stripes-users@lists.sourceforge.net Subject: [Stripes-users] Direct access to .jsp, no security manager (stripesstuff security) Good evening, I'm currently using the security interceptor from stripesstuff. It works like a charm. There is only one problem, when i access my .jsp pages directly (surf to .jsp page) the "allowed" jsp tag always grant access. When i go to a .action page (which forwards to the .jsp) everything works fine. I turned debugging on and found out that when going directly to a .jsp page the security interceptor doesn't insert the security manager in the current request. When using the "allowed" tag the debug message is: "there is no security manager; allowing access" Is there a way i can manually insert the security manager? Please note that i am using my own j2eesecuritymanager. Kind regards, T. Akhayo stripes-users@lists.sourceforge.net ------------------------------------------------------------------------------ AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on "Lean Startup Secrets Revealed." This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev _______________________________________________ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users ------------------------------------------------------------------------------ AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on "Lean Startup Secrets Revealed." This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev _______________________________________________ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
