struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Raible <matt_rai...@yahoo.com>
Subject Re: Place all Java ServerPages below WEB-INF
Date Mon, 27 Aug 2001 02:10:47 GMT
Anyone know how to configure this in iPlanet Web Server 4.1+?  Also, if anyone
knows how to do it in IIS, that would be good knowledge too!

Thanks,

Matt

--- Scott Wilson-Billing <scottwb@btconnect.com> wrote:
> I should have mentioned that the actual configuration goes in the web server
> conf (apache in the example I gave).
> 
> Scott
> ----- Original Message -----
> From: "Scott Wilson-Billing" <scottwb@btconnect.com>
> To: <struts-user@jakarta.apache.org>
> Sent: Sunday, August 26, 2001 10:29 PM
> Subject: Re: Place all Java ServerPages below WEB-INF
> 
> 
> > NASApp is iPlanet's way of passing stuff from the web server to the web
> > container - it's used as a tag. Anything with NASApp in the URL is auto
> > forwared to the web container. Rules for denying access to stuff below
> > WEB-INF is normally configured in the web container. Maybe the iPlanet web
> > container needs configuring. Here's a Tomcat example:-
> >
> > #
> > # The following line prohibits users from directly accessing WEB-INF
> > #
> > <Location "/myApp/WEB-INF/">
> >     AllowOverride None
> >     deny from all
> > </Location>
> >
> > Scott Wilson-Billing
> >
> >
> > ----- Original Message -----
> > From: "Ted Husted" <husted@apache.org>
> > To: <struts-user@jakarta.apache.org>
> > Sent: Sunday, August 26, 2001 7:49 PM
> > Subject: Re: Place all Java ServerPages below WEB-INF
> >
> >
> > > That directory structure doesn't look quite right to me. Usually, the
> > > URL would be
> > >
> > > http://localhost/myApp/WEB-INF/pages/pageName.jsp
> > > [can't get there from here ;-)]
> > >
> > > where there may have been a myApp.war that deployed the application.
> > >
> > > -T.
> > >
> > > Matt Raible wrote:
> > > >
> > > > In Ted Husted's Catalog at http://husted.com/about/struts/catalog.htm,
> > he
> > > > states the following:
> > > >
> > > > Place all Java ServerPages below WEB-INF
> > > > The container provides security for all files below WEB-INF. This
> > applies to
> > > > client requests, but not forwards from the ActionServlet. Placing all
> > JSPs
> > > > below WEB-INF ensure that they are only accessed through Actions, and
> > not
> > > > directly by the client or each other. This allows security to be moved
> > up into
> > > > the Controller, where it can be handled more efficiently, and out of
> the
> > base
> > > > presentation layer.
> > > >
> > > > I have done this and put all my pages at WEB-INF/pages.  However, I
> can
> > still
> > > > get to them by typing
> > http://localhost/NASApp/myApp/WEB-INF/pages/pageName.jsp
> > > > - so I don't see how "security is provided."  Maybe it's an iPlanet
> > thing, but
> > > > here is my directory structure:
> > > >
> > > > APPS
> > > >      - app
> > > >           - wardir
> > > >                - WEB-INF
> > > >                - pages
> > > >           - eardir
> > > >
> > > > Thanks,
> > > >
> > > > Matt
> > >
> >
> >
> 


__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

Mime
View raw message