A friendly place for programming greenhorns!
Big Moose Saloon
Register / Login
Win a copy of
Refactoring for Software Design Smells: Managing Technical Debt
this week in the
OO, Patterns, UML and Refactoring
restrict access to jsp from WSAD/Websphere
Joined: May 18, 2006
Jul 25, 2006 06:43:00
I don't want to put the
's under WEB-INF folder.
I included the following in the web.xml. But still I am able to access the jsp's. Am i doing something wrong?
I am using WSAD 5.1.1
< security-constraint >< display-name >Access restticted to jsp< / display-name >
< web-resource-collection >
< web-resource-name >Restrict jsp< /web-resource-name >
< description >Restrict jsp< / description >
< url-pattern >/*.jsp< / url-pattern >
< http-method>GET< /http-method >
< http-method>PUT< /http-method >
< http-method>HEAD< /http-method >
< http-method>TRACE< /http-method >
< http-method>POST< /http-method >
< http-method>DELETE< /http-method >
< http-method>OPTIONS< /http-method >
< /web-resource-collection >
< /security-constraint >
[ July 25, 2006: Message edited by: James Kesari ]
Joined: Jul 30, 2006
Jul 30, 2006 15:49:00
Don't forget to specify which group is allowed to access jsp resources. In other words try to add auth-constraint within security-constraint element.
[ July 30, 2006: Message edited by: Pawel Kwiatkowski ]
I agree. Here's the link:
subject: restrict access to jsp from WSAD/Websphere
Securing a servlet based on request params
repost: how to block direct access to jsp files?
how to block direct access to jsp files?
Adding users and roles
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter
| Powered by
Copyright © 1998-2015