I don't have the exact fix you are looking for, but this (in web.xml)
will prevent direct access to anything with a jsp extension:
<security-constraint>
<web-resource-collection>
<web-resource-name>no_access</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
Erik
[EMAIL PROTECTED] wrote:
I want to do both "hide my JSPs behind WEB-INF" and use "Struts modules".
and this does not work, I looked into the struts code. it does the
following
If the path of ActionForward starts with "/", it obtains the module
prefix and prefixes this to the path so...
If my path was say "/WEB-INF/pages/INY0010S.jsp" it becomes
"/iny/WEB-INF/pages/INY0010S.jsp"
( which is unwanted......I wanted..."/WEB-INF/pages/INY0010S.jsp" )
but if the path of ActionForward does not start with "/", it leaves
the path as it is ( i.e. does not prefix the module-prefix)
but then the requested URI becomes like this
http://<ipaddress>:<port>/<web-context-root><ActionForward-path>
instead of
http://<ipaddress>:<port>/<web-context-root>/<ActionForward-path>
so the problem is there is no slash - "/" before "<ActionForward-path>"
so if my path was "WEB-INF/pages/INY0010S.jsp" it searches for
"http://<ipaddress>:<port>/<web-context-root>WEB-INF/pages/INY0010S.jsp"
which gives error...Can anyone suggest the way out..?
or does this require a fix ? only a Quick resolution of this will be
able help.
Regards,
Puneet Agarwal
Tata Consultancy Services
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com
------------------------------------------------------------------------
DISCLAIMER: The information contained in this message is intended only and solely for
the addressed individual or entity indicated in this message and for the exclusive use
of the said addressed individual or entity indicated in this message (or responsible
for delivery
of the message to such person) and may contain legally privileged and confidential
information belonging to Tata Consultancy Services. It must not be printed, read,
copied, disclosed, forwarded, distributed or used (in whatsoever manner) by any person
other than the
addressee. Unauthorized use, disclosure or copying is strictly prohibited and may
constitute unlawful act and can possibly attract legal action, civil and/or criminal.
The contents of this message need not necessarily reflect or endorse the views of Tata
Consultancy Services
on any subject matter. Any action taken or omitted to be taken based on this message
is entirely at your risk and neither the originator of this message nor Tata
Consultancy Services takes any responsibility or liability towards the same. Opinions,
conclusions and any other
information contained in this message that do not relate to the official business of
Tata Consultancy Services shall be understood as neither given nor endorsed by Tata
Consultancy Services or any affiliate of Tata Consultancy Services. If you have
received this message in error,
you should destroy this message and may please notify the sender by e-mail. Thank you.
------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
