This week's book giveaway is in the Android forum.
We're giving away four copies of Head First Android and have Dawn & David Griffiths on-line!
See this thread for details.
The moose likes Websphere and the fly likes restrict access to jsp from WSAD/Websphere Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Head First Android this week in the Android forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "restrict access to jsp from WSAD/Websphere" Watch "restrict access to jsp from WSAD/Websphere" New topic

restrict access to jsp from WSAD/Websphere

James Kesari

Joined: May 18, 2006
Posts: 16
Hello All,
I don't want to put the jsp's under WEB-INF folder.

I included the following in the web.xml. But still I am able to access the jsp's. Am i doing something wrong?
I am using WSAD 5.1.1

< security-constraint >< display-name >Access restticted to jsp< / display-name >
< web-resource-collection >
< web-resource-name >Restrict jsp< /web-resource-name >
< description >Restrict jsp< / description >
< url-pattern >/*.jsp< / url-pattern >
< http-method>GET< /http-method >
< http-method>PUT< /http-method >
< http-method>HEAD< /http-method >
< http-method>TRACE< /http-method >
< http-method>POST< /http-method >
< http-method>DELETE< /http-method >
< http-method>OPTIONS< /http-method >
< /web-resource-collection >
< /security-constraint >
[ July 25, 2006: Message edited by: James Kesari ]
Pawel Kwiatkowski

Joined: Jul 30, 2006
Posts: 3
Don't forget to specify which group is allowed to access jsp resources. In other words try to add auth-constraint within security-constraint element.

[ July 30, 2006: Message edited by: Pawel Kwiatkowski ]
I agree. Here's the link:
subject: restrict access to jsp from WSAD/Websphere
jQuery in Action, 3rd edition