Even I am facing the same problem.
<security-constraint>
<web-resource-collection>
<web-resource-name>All JSP direct access</web-resource-name>
<url-pattern>/pages/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>
No Access
</description>
<role-name>restricted</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>NO Access</description>
<role-name>restricted</role-name>
</security-role>
Up on restricting as given above, the container is not allowing the
struts to access the JSP page. Its asking for a user name and password.
Where I am wrong here?
My requirement is that, user should be able to access the jsp pages only
through the actions.
Regards
Vishnu
-----Original Message-----
From: Kishan G. Chellap Paandy
[mailto:[email protected]]
Sent: 23 June 2009 07:06
To: Struts Users Mailing List
Subject: RE: how to prevent users from directly accessing jsp files
I tried something like below it worked
<security-constraint>
<web-resource-collection>
<web-resource-name>All JSP direct access</web-resource-name>
<url-pattern>/jsp/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>
No Access
</description>
<role-name>restricted</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>NO Access</description>
<role-name>restricted</role-name>
</security-role>
Thank you.
Regards,
Kishan.G
Team Leader.
www.spansystems.com
-----Original Message-----
From: Girish Naik [mailto:[email protected]]
Sent: Friday, June 19, 2009 8:19 PM
To: Struts Users Mailing List
Subject: Re: how to prevent users from directly accessing jsp files
But in that case the css, images, js is compromised rite?
What if I want all to be secured?
Regards,
---------------------------------------------------------
Girish Naik
Mobile:-+91-09740091638
[email protected]
Fran
Lebowitz<http://www.brainyquote.com/quotes/authors/f/fran_lebowitz.html>
- "Life is something to do when you can't get to sleep."
On Fri, Jun 19, 2009 at 7:15 PM, Greg Lindholm
<[email protected]>wrote:
> > I tried putting the below string in web.xml, but all my css, js
from
> the
> > application got blocked. But pages are coming. Is something missing
or
> some
> > extra thing to be done?
> >
> > <security-constraint>
> > <display-name>Prevent access to raw pages.</display-name>
> > <web-resource-collection>
> > <web-resource-name>Raw Pages</web-resource-name>
> > <url-pattern>/struts/*</url-pattern>
> > </web-resource-collection>
> > <auth-constraint>
> > <description>No roles, so no direct access</description>
> > </auth-constraint>
> > </security-constraint>
> >
> >
> >
> > Regards,
> > ---------------------------------------------------------
> > Girish Naik
> >
>
> The way this security constraint works is it prevents direct access to
the
> area defined
> by the <url-pattern>/struts/*</url-pattern> elements (you can have
> multiple). In this case
> we put our jsp files under /struts/ folder.
>
> You can name the folder whatever you like but only put jsp files in
it.
> You
> need to put
> your css and js file someplace else.
>
> Our typical layout for webroot is:
> /
> css/
> images/
> js/
> struts/
> WEB-INF/
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
