It seemed to be a bug only on NT. On Solaris it works. Regards Stefan -----Ursprungliche Nachricht----- Von: Matt Raible [mailto:[EMAIL PROTECTED]] Gesendet: Freitag, 31. August 2001 16:43 An: [EMAIL PROTECTED] Betreff: RE: Can't place JSP beneath WEB-INF in WebLogic 6.0 I found out this morning that this is a bug in iPlanet. I received the response below from a post to the iPlanet newsgroup. I also found that the mcom.ias newsgroup is behind iPlanet's firewall, so don't waste your time looking for it. Matt -----Original Message----- From: Klaus Stake [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 12:14 AM To: Matt Raible Subject: Re: Security Bug?? Accessing WEB-INF/web.xml from a URL This is known bug previously discussed in the following thread (search in the newsgroup mcom.ias): !!From - Fri Aug 31 08:12:02 2001 !!From: [EMAIL PROTECTED] (David Ogren) !!Newsgroups: mcom.ias !!Subject: Can someone cross-check this sp3 security concern Matt Raible wrote: > I can access http://localhost/NASApp/myApp/WEB-INF/web.xml (or any other > files in WEB-INF) from my browser! This can't be right. How do I turn this > off? > > Hopefully, I can do this in the appserver, but if not, please tell me how to > do it in the webserver. I am using iWS 4.1 & iWS 6.0 on 2 different > machines. > > Thanks, > > Matt > > --- "Paradis,_Andre" <[EMAIL PROTECTED]> wrote: > I have to tell you, in iPlanet app server 6.0 SP2, JSPs under WEB-INF > are accessible from the browser > by typing something like: http://host/NASApp/appname/WEB-INF/some.jsp. > I tought the container where supposed to protect JSPs placed there? > > Andre > > -----Original Message----- > From: Luna, Katherine [mailto:[EMAIL PROTECTED]] > Sent: August 31, 2001 9:03 AM > To: [EMAIL PROTECTED] > Subject: Can't place JSP beneath WEB-INF in WebLogic 6.0 > > > > > Hi all. > > After reading the new Struts Catalogue, I would like to move all my > jsp's beneath WEB-INF. However, as soon as I do that, WebLogic can't > seem to find them. > > My struts-config.xml looks like this: > <!-- Process a user logon --> > <action path="/logon" > type="com.emergis.cvconlinereport.logon.LogonAction" > name="logonForm" > scope="request" > input="/logon.jsp"> > <forward name="success" > path="/WEB-INF/pages/reportSearch.jsp"/> > <forward name="failure" path="/logon.jsp"/> > </action> > > where login.jsp was the entry page (located at the root of the app) and > all other pages are now in WEB-INF/pages > > The server log file doesn't show any errors, but I get a 404 NotFound > error instead of reportSearch.jsp > Is there something else I need to configure to tell WebLogic 6.0 to look > beneath WEB-INF for the jsp pages? > > Thanks! > > kat > > __________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com