File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Websphere and the fly likes how to block direct access to jsp files? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Websphere
Bookmark "how to block direct access to jsp files?" Watch "how to block direct access to jsp files?" New topic

how to block direct access to jsp files?

david chan
Ranch Hand

Joined: Jun 10, 2002
Posts: 46
I have this web.xml config works in tomcat, but doesn't work in WSAD 4.0.3 test environment. I wonder what need to set for WSAD. What I want is block the user direct access to jsp files, all content will be served by Struts action class.
here is my config on web.xml:
<description>to block JSP direct access</description>
David Hibbs
Ranch Hand

Joined: Dec 19, 2002
Posts: 374
From Ted Husted's struts design catalog (, he advises putting all jsp files under WEB-INF/ and letting the servlet container protect them. To be honest, though, I haven't had the chance to try it since I saw this description. Maybe some time this week...
[ June 19, 2003: Message edited by: David Hibbs ]

"Write beautiful code; then profile that beautiful code and make little bits of it uglier but faster." --The team, Newsletter 039.
Vinod Bijlani
Ranch Hand

Joined: Mar 06, 2002
Posts: 133
try this
IN plugin-cfg.xml,
<AffinityURLIdentifier="jsessionid" Name="/urappuri/*.do"/>
instead of /urappuri/* put /urappuri/*.do
[ June 21, 2003: Message edited by: Vinod Bijlani ]
I agree. Here's the link:
subject: how to block direct access to jsp files?
It's not a secret anymore!