Hi, I have this web.xml config works in tomcat, but doesn't work in WSAD 4.0.3 test environment. I wonder what need to set for WSAD. What I want is block the user direct access to jsp files, all content will be served by Struts action class. here is my config on web.xml: <security-constraint> <web-resource-collection> <web-resource-name>blockJSPDirectAccess</web-resource-name> <description>to block JSP direct access</description> <url-pattern>*.jsp</url-pattern> </web-resource-collection> <auth-constraint> <description></description> <role-name></role-name> </auth-constraint> </security-constraint>
From Ted Husted's struts design catalog (http://husted.com/struts/catalog.html), he advises putting all jsp files under WEB-INF/ and letting the servlet container protect them. To be honest, though, I haven't had the chance to try it since I saw this description. Maybe some time this week... [ June 19, 2003: Message edited by: David Hibbs ]
"Write beautiful code; then profile that beautiful code and make little bits of it uglier but faster." --The JavaPerformanceTuning.com team, Newsletter 039.