struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Raible <>
Subject Place all Java ServerPages below WEB-INF
Date Sun, 26 Aug 2001 16:22:58 GMT
In Ted Husted's Catalog at, he
states the following:

Place all Java ServerPages below WEB-INF
The container provides security for all files below WEB-INF. This applies to
client requests, but not forwards from the ActionServlet. Placing all JSPs
below WEB-INF ensure that they are only accessed through Actions, and not
directly by the client or each other. This allows security to be moved up into
the Controller, where it can be handled more efficiently, and out of the base
presentation layer. 

I have done this and put all my pages at WEB-INF/pages.  However, I can still
get to them by typing http://localhost/NASApp/myApp/WEB-INF/pages/pageName.jsp
- so I don't see how "security is provided."  Maybe it's an iPlanet thing, but
here is my directory structure:

     - app
          - wardir
               - WEB-INF
               - pages
          - eardir



Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger

View raw message