This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Hello everyone, does the Servlet spec offer any means to deny remote access to all resources of a specific type (let's day *.include), but allow to include()/forward() them from another Servlet in the same context? Regards, Andreas
I don't recall the spec saying anything about this specifically. However, there are some solutions. You could place the included files in a protected directory, denying all privileges through your web.xml settings (you could still include and forward I believe).
Thanks for your reply. Adding <security-constraint> <web-resource-collection> <url-pattern>*.include</url-pattern> </web-resource-collection> <auth-constraint/> </security-constraint> to web.xml works as expected. Regards, Andreas
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com