Please disregard my previous post. I
Thank you.
At 03:20 PM 7/26/2004, you wrote:
In Tomcat 4, I would map request URLs to JSPs and handle the forwarding on the server side. Direct user access to JSPs was prevented using the following security constraint configuration:
<security-constraint> <display-name>JSP Protection</display-name> <web-resource-collection> <web-resource-name>JSPs</web-resource-name> <url-pattern>*.jsp</url-pattern> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>Administrator</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint>
This seems to not work with Tomcat 5 as the constraint is applied even though no direct request is made by the user. Is this change in behavior the result of a spec change? I could find no such clarification.
Thanks for the help.
Andrew
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]