Thanks for the information on disallowing direct access via chain-config!

I couldn't find any exceptions that were thrown while trying to access WEB-INF$pages$welcome.


Craig McClanahan wrote:
I suspect an exception (due to not being able to directly access things
under /WEB-INF) is getting swallowed somewhere ... were there any exceptions
in the server logs?  If not, I'll need to investigate why this scenario is
not being reported correctly.

One way to protect against direct access to JSP pages is to define a
<security-constraint> element that protects them.  Another is to use Shale's
filtering capabilities.  There is an example of this in the
/WEB-INF/chain-config.xml file of the Shale Use Cases example app.  Note the
section that starts with the comment "Disallow direct access to JSP and JSF
resources".  If you set up something like this inside the "preprocess"
command of your own chain-config.xml file, Shale will disallow access to any
resource whose context-relative path matches one of the specified regular
expressions.

Craig



Mark
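
The first option mentioned in the quoted reply, a <security-constraint> that blocks direct requests for JSP pages, could look like the web.xml fragment below. This is an added example, not taken from the thread or from the Shale Use Cases app; the resource name and URL patterns are assumptions.

```xml
<!-- web.xml fragment. Added illustration; the resource name and the
     URL patterns are assumptions, adjust them to the application. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Direct JSP access</web-resource-name>
    <!-- Extension patterns match a client request for any JSP or fragment. -->
    <url-pattern>*.jsp</url-pattern>
    <url-pattern>*.jspf</url-pattern>
    <!-- No <http-method> elements: the constraint then covers every method.
         Listing only GET and POST would leave other methods unconstrained. -->
  </web-resource-collection>
  <!-- An auth-constraint with no role-name denies all client access.
       Omitting the element entirely would instead allow everyone. -->
  <auth-constraint/>
</security-constraint>
```

Security constraints are evaluated only for requests that come from the client, not for RequestDispatcher forwards or includes, so pages reached through a server-side forward are still rendered. Any JSP that clients must request directly, such as an entry page, is also blocked by these patterns.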

