that was a 30 second solution amongst 100 different solutions<BR> so maybe you want to categorise the jsps and then enable / disable view/update/delete of the resources<BR> in those categories depending on the authenticated credentials of the user<BR> for this scenario you might want to look at portals and or content-management system<s><BR>
i would start here<BR> http://portals.apache.org/jetspeed-1/fusion.html<BR> Martin<BR> ______________________________________________ <BR> Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. > Date: Sat, 13 Sep 2008 17:32:29 -0700 > From: [EMAIL PROTECTED] > To: users@tomcat.apache.org > Subject: Question is answered. See Bill Barker-2 answer > > > Hi, Martin > Thanks for the answer > I see, what you mean, but the problem is slightly different > > The matter is that our users can change jsp files whatever they like via > administrative interface, so we want to restrict the use of scriplets in > these jsp's because of possible abuses > > Bill Barker-2 provided the comprehensive answer to this problem > > > mgainty wrote: > > > > > > use ths struts if tag to conditionally disable the code > > <%@ taglib prefix="s" uri="/struts-tags"%> > > > > <s:if test="%{false}"> > > <div>Will Not Be Executed</div> > > </s:if> > > > > http://struts.apache.org/2.0.11.2/docs/if.html > > datorită struts > > Martin > > ______________________________________________ > > Disclaimer and confidentiality note > > Everything in this e-mail and any attachments relates to the official > > business of Sender. This transmission is of a confidential nature and > > Sender does not endorse distribution to any party other than intended > > recipient. Sender does not necessarily endorse content contained within > > this transmission. > > > > > >> Date: Sat, 13 Sep 2008 08:58:59 -0700 > >> From: [EMAIL PROTECTED] > >> To: users@tomcat.apache.org > >> Subject: Re: Disable java code execution <%blabla%> in jsp, but permits > >> tags > >> > >> > >> We want them to be able to customize information they get from our system > >> by > >> using custom tags > >> > >> > >> H. Hall wrote: > >> > > >> > kazukin6 wrote: > >> >> Plz Help !! > >> >> Is it possible to disable all java code execution within jsp page (by > >> >> security manager or something) > >> >> but allow custom tags to be executed? > >> >> > >> >> The problem is that the users can change jsp files, and due to > >> security > >> >> reasons we can allow them to use only tags > >> >> > >> > Why are users allowed to change jsp files? > >> > > >> > HH > >> > > >> > > >> > > >> > -- > >> > H. Hall > >> > ReedyRiver Group LLC > >> > http://www.reedyriver.com > >> > > >> > > >> > --------------------------------------------------------------------- > >> > To start a new topic, e-mail: users@tomcat.apache.org > >> > To unsubscribe, e-mail: [EMAIL PROTECTED] > >> > For additional commands, e-mail: [EMAIL PROTECTED] > >> > > >> > > >> > > >> > >> -- > >> View this message in context: > >> http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19471795.html > >> Sent from the Tomcat - User mailing list archive at Nabble.com. > >> > >> > >> --------------------------------------------------------------------- > >> To start a new topic, e-mail: users@tomcat.apache.org > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > > > > _________________________________________________________________ > > Get more out of the Web. Learn 10 hidden secrets of Windows Live. > > http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008 > > > > -- > View this message in context: > http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19476209.html > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > _________________________________________________________________ See how Windows connects the people, information, and fun that are part of your life. http://clk.atdmt.com/MRT/go/msnnkwxp1020093175mrt/direct/01/
