struts-user mailing list archives

From "Scott Wilson-Billing" <scot...@btconnect.com>
Subject Re: Place all Java ServerPages below WEB-INF
Date Sun, 26 Aug 2001 21:34:16 GMT
I should have mentioned that the actual configuration goes in the web server
conf (apache in the example I gave).

Scott
----- Original Message -----
From: "Scott Wilson-Billing" <scottwb@btconnect.com>
To: <struts-user@jakarta.apache.org>
Sent: Sunday, August 26, 2001 10:29 PM
Subject: Re: Place all Java ServerPages below WEB-INF


> NASApp is iPlanet's way of passing stuff from the web server to the web
> container - it's used as a tag. Anything with NASApp in the URL is auto
> forwarded to the web container. Rules for denying access to stuff below
> WEB-INF are normally configured in the web container. Maybe the iPlanet web
> container needs configuring. Here's a Tomcat example:-
>
> #
> # The following line prohibits users from directly accessing WEB-INF
> #
> <Location "/myApp/WEB-INF/">
>     AllowOverride None
>     deny from all
> </Location>
>
> Scott Wilson-Billing
>
>
> ----- Original Message -----
> From: "Ted Husted" <husted@apache.org>
> To: <struts-user@jakarta.apache.org>
> Sent: Sunday, August 26, 2001 7:49 PM
> Subject: Re: Place all Java ServerPages below WEB-INF
>
>
> > That directory structure doesn't look quite right to me. Usually, the
> > URL would be
> >
> > http://localhost/myApp/WEB-INF/pages/pageName.jsp
> > [can't get there from here ;-)]
> >
> > where there may have been a myApp.war that deployed the application.
> >
> > -T.
> >
> > Matt Raible wrote:
> > >
> > > In Ted Husted's Catalog at http://husted.com/about/struts/catalog.htm, he
> > > states the following:
> > >
> > > Place all Java ServerPages below WEB-INF
> > > The container provides security for all files below WEB-INF. This applies to
> > > client requests, but not forwards from the ActionServlet. Placing all JSPs
> > > below WEB-INF ensures that they are only accessed through Actions, and not
> > > directly by the client or each other. This allows security to be moved up into
> > > the Controller, where it can be handled more efficiently, and out of the base
> > > presentation layer.
> > >
> > > I have done this and put all my pages at WEB-INF/pages.  However, I can still
> > > get to them by typing http://localhost/NASApp/myApp/WEB-INF/pages/pageName.jsp
> > > - so I don't see how "security is provided."  Maybe it's an iPlanet thing, but
> > > here is my directory structure:
> > >
> > > APPS
> > >      - app
> > >           - wardir
> > >                - WEB-INF
> > >                - pages
> > >           - eardir
> > >
> > > Thanks,
> > >
> > > Matt
> >
>
>
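
Added example, not part of the thread: a Python check that a front-end Apache configuration carries a deny rule like the one quoted above for every application context it forwards to the container. The sample configuration and the context names other than /myApp are constructed, and accepting the Apache 2.4 `Require all denied` form goes beyond the rule shown in the thread.

```python
import re

# Constructed front-end configuration for illustration; not taken from the thread.
SAMPLE_CONF = """
<Location "/myApp/WEB-INF/">
    AllowOverride None
    deny from all
</Location>

<Location "/shop/WEB-INF/">
    # deny from all
</Location>

<Location "/intranet/WEB-INF">
    Require all denied
</Location>
"""

# Only <Location> blocks are inspected; <LocationMatch> and <Directory> are not.
LOCATION_RE = re.compile(
    r'<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location\s*>', re.I | re.S)
# Older "deny from all" syntax and the Apache 2.4 "Require all denied" syntax.
DENY_RE = re.compile(
    r'^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$', re.I | re.M)


def denied_locations(conf_text):
    """Return the URL prefixes whose <Location> block denies every client."""
    # Drop comment lines first so a commented-out rule does not count.
    live = "\n".join(line for line in conf_text.splitlines()
                     if not line.lstrip().startswith("#"))
    return {path.rstrip("/") for path, body in LOCATION_RE.findall(live)
            if DENY_RE.search(body)}


def unprotected_contexts(conf_text, contexts):
    """Return contexts with no deny rule on <context>/WEB-INF, in input order."""
    denied = denied_locations(conf_text)
    return [c for c in contexts if c.rstrip("/") + "/WEB-INF" not in denied]


if __name__ == "__main__":
    # Context list is an assumption: the applications the front end forwards.
    apps = ["/myApp", "/shop", "/intranet", "/reports"]
    for ctx in unprotected_contexts(SAMPLE_CONF, apps):
        print("no front-end deny rule for", ctx + "/WEB-INF/")
```
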

