I can successfully move all the files into /WEB-INF/subfolder (WEB-INF is protected by default) except the images/ folder. It seems that I have to leave it outside - in the webapp root. I am using Tomcat 5.0.16. Is it a defect or it is like this ?
--- "Karr, David" <[EMAIL PROTECTED]> wrote: > Put all JSP pages that can't be accessed directly > into a security constraint, only accessible by the > role "nobody", which you will never add a user to. > All accesses of JSPs will be through forwards from > actions, which will not be blocked by that security > constraint (unless you either have a broken web > container or a Servlet 2.4 container where you've > enabled auth on forward). > > -----Original Message----- > From: J黵gen Scheffler > [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 15, 2004 8:15 AM > To: [EMAIL PROTECTED] > Subject: JSP Protection > > > Hi, > > how do i block URL guessing? > if someone requests abc.com/secret_page.jsp > he gets it. In my Action i check if the user object > has the right rights for this action and then i > forward him. But if guesses the jsp, he opens it. > > Help me! > > J黵gen > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > __________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
