If you don't want to expose your jsp's by url, place your files under /WEB-INF directory of your web application. You do not need to declare in web descriptor.
Ashish Kulkarni <[EMAIL PROTECTED]> wrote: Hi I dont want anyone to access them, still do i have to add auth-constraint in web.xml file?? if yes how do i add them with no user?? Ashish --- Saravanan Veerappan wrote: > Can you post the entire web descriptor? i don't see > auth-constraint specified in the snippet. You need > to apply authorization constraint to protect your > pages/ > > Ashish Kulkarni > wrote:Hi > I want to secure all my jsp in my web application, > I added following security constraint in my web.xml > file, but some how seems it does not work > > > Block Access to jsp > files > This is to block access to all jsp > files > *.jsp > POST > GET > > > > what may be the reason?? > > Ashish > > ===== > A$HI$H > > > > __________________________________ > Do you Yahoo!? > The all-new My Yahoo! - Get yours free! > http://my.yahoo.com > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > --------------------------------- > Do you Yahoo!? > Discover all that’s new in My Yahoo! ===== A$HI$H __________________________________ Do you Yahoo!? Meet the all-new My Yahoo! - Try it today! http://my.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------- Do you Yahoo!? The all-new My Yahoo! – Get yours free!
