| Author |
how to block direct access to jsp files?
|
david chan
Ranch Hand
Joined: Jun 10, 2002
Posts: 46
|
|
Hi, I have this web.xml config that works in Tomcat, but doesn't work in the WSAD 4.0.3 test environment. I wonder what needs to be set for WSAD. What I want is to block users' direct access to JSP files; all content will be served by Struts action classes. Here is my config in web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>blockJSPDirectAccess</web-resource-name>
    <description>to block JSP direct access</description>
    <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <description></description>
    <role-name></role-name>
  </auth-constraint>
</security-constraint>
|
 |
David Hibbs
Ranch Hand
Joined: Dec 19, 2002
Posts: 374
|
|
In Ted Husted's Struts design catalog (http://husted.com/struts/catalog.html), he advises putting all JSP files under WEB-INF/ and letting the servlet container protect them. To be honest, though, I haven't had the chance to try it since I saw this description. Maybe some time this week...
[ June 19, 2003: Message edited by: David Hibbs ]
|
"Write beautiful code; then profile that beautiful code and make little bits of it uglier but faster." --The JavaPerformanceTuning.com team, Newsletter 039.
|
 |
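A check covering both approaches in this thread, as an added example that is not part of any poster's message: it classifies the `*.jsp` security constraint in a web.xml and lists the JSPs that sit outside WEB-INF and so stay reachable by URL. The file listing and function names are constructed for illustration, only the exact `*.jsp` pattern is examined, and an empty `<role-name>` is reported separately rather than trusted, since the thread shows it behaving differently on Tomcat and WSAD.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the question, wrapped in <web-app>.
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>blockJSPDirectAccess</web-resource-name>
   <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name></role-name></auth-constraint>
 </security-constraint>
</web-app>"""

# Constructed file listing of an unpacked web application.
FILES = ["index.jsp", "pages/login.jsp", "WEB-INF/jsp/home.jsp", "WEB-INF/web.xml"]


def _name(elem):
    """Tag name without an XML namespace prefix (newer descriptors use one)."""
    return elem.tag.rsplit("}", 1)[-1]


def jsp_constraint(web_xml):
    """Classify the constraint on *.jsp: none, partial, deny-all, empty-role, roles."""
    for sc in ET.fromstring(web_xml).iter():
        if _name(sc) != "security-constraint":
            continue
        leaves = [(_name(e), (e.text or "").strip()) for e in sc.iter()]
        if ("url-pattern", "*.jsp") not in leaves:
            continue
        if any(n == "http-method" for n, _ in leaves):
            return "partial"      # only the listed HTTP methods are constrained
        if not any(n == "auth-constraint" for n, _ in leaves):
            return "none"         # no auth-constraint: access is not restricted
        roles = [t for n, t in leaves if n == "role-name"]
        if not roles:
            return "deny-all"     # auth-constraint naming no roles: nobody gets in
        return "roles" if any(roles) else "empty-role"
    return "none"


def exposed_jsps(files, web_xml):
    """Return (verdict, JSPs a client can still request by URL)."""
    verdict = jsp_constraint(web_xml)
    outside = [f for f in files
               if f.lower().endswith(".jsp") and not f.startswith("WEB-INF/")]
    return verdict, ([] if verdict == "deny-all" else outside)


if __name__ == "__main__":
    print(exposed_jsps(FILES, WEB_XML))
```

Any verdict other than `deny-all` leaves the JSPs outside WEB-INF in the result, which is the list to move under WEB-INF as suggested in the reply above.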
Vinod Bijlani
Ranch Hand
Joined: Mar 06, 2002
Posts: 133
|
|
Try this in plugin-cfg.xml:
<Uri AffinityURLIdentifier="jsessionid" Name="/urappuri/*.do"/>
Instead of /urappuri/*, put /urappuri/*.do
[ June 21, 2003: Message edited by: Vinod Bijlani ]
|