struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "M.Liang Liu " <patriot...@gmail.com>
Subject Re: How to keep users from accessing to *.jsp strightforword?
Date Sat, 14 Jul 2007 05:59:09 GMT
to Neil,
Thanks for ur help,I noticed that with the help of <error-page>,I can
redirect the *.jsp to the index.html.
By the way,when I tryed to redirect to a url like /login.action,it does NOT
work.

However,this can meet my need all the way.

Any comment?
thx.
On 7/14/07, Neil Aggarwal <neil@jammconsulting.com> wrote:
>
> M.Liang:
>
> Add this to your web.xml:
>
>   <!-- Do not allow users to load jsps directly -->
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>no_access</web-resource-name>
>       <url-pattern>*.jsp</url-pattern>
>     </web-resource-collection>
>     <auth-constraint/>
>   </security-constraint>
>
>         Neil
>
> --
> Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
> FREE! Eliminate junk email and reclaim your inbox.
> Visit http://www.spammilter.com for details.
> -----Original Message-----
> From: M.Liang Liu [mailto:patriotlml@gmail.com]
> Sent: Friday, July 13, 2007 11:01 PM
> To: user@struts.apache.org
> Subject: How to keep users from accessing to *.jsp strightforword?
>
>
> I just would like to block users to get to the login.jsp through the
> url:http://somedomain.com/login.jsp.
> Instead,users can login with the url :http://somedomain.com/login.action---
> actually the login.jsp page.
>
> With the help of code-in-behind-plugin,users can just login with the
> url:http://somedomain.com/login.action .
>
> And what I would like to do is block the direct *.jsp access.
>
> Any comment would be greatly appreciated.
>
> --
> View this message in context:
>
> http://www.nabble.com/How-to-keep-users-from-accessing--to-*.jsp-strightforw
> ord--tf4077945.html#a11590867
> Sent from the Struts - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>


-- 
              ------M.Liang Liu

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message