From jdelagarza@designinsites.com  Thu Dec  7 01:19:34 2000
Return-Path: <jdelagarza@designinsites.com>
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 96353 invoked from network); 7 Dec 2000 01:19:34 -0000
Received: from adsl-64-161-119-100.dsl.snfc21.pacbell.net (HELO PATHOS.DI.local) (64.161.119.100)
  by locus.apache.org with SMTP; 7 Dec 2000 01:19:34 -0000
Received: from JDELAGARZA ([4.33.252.2]) by PATHOS.DI.local with Microsoft SMTPSVC(5.0.2172.1);
	 Wed, 6 Dec 2000 17:19:44 -0800
Reply-To: <jdelagarza@designinsites.com>
From: "John de la Garza" <jdelagarza@designinsites.com>
To: <tomcat-user@jakarta.apache.org>
Subject: RE: posting to servlets from a url
Date: Wed, 6 Dec 2000 17:19:53 -0800
Message-ID: <003e01c05feb$ce252cf0$2e7513d1@JDELAGARZA>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
In-Reply-To: <BKEOLNAEFCIBACKFHANHEEOECIAA.cpclvlnk@fitzpatrick.cc>
X-OriginalArrivalTime: 07 Dec 2000 01:19:44.0451 (UTC) FILETIME=[C80B4930:01C05FEB]
X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N

Yea, that is what I am currently doing...can't the server container handle
that for me?

Like only let the server posted or get from the servlets?

I wanted to avoid putting security code in every servlet, one by one.

-----Original Message-----
From: CPC Livelink Admin [mailto:cpclvlnk@fitzpatrick.cc]
Sent: Wednesday, December 06, 2000 5:16 PM
To: tomcat-user@jakarta.apache.org; jdelagarza@designinsites.com
Subject: RE: posting to servlets from a url



You could implement a simple locking mechanism.  When you are about to
access one of your classes, set a session or request scoped bean or session
variable, and then in your servlets, check for that object, and then remove
it.

-----Original Message-----
From: John de la Garza [mailto:jdelagarza@designinsites.com]
Sent: Wednesday, December 06, 2000 05:04 PM
To: Tomcat-Users (E-mail)
Subject: posting to servlets from a url


Is there some way I can make my server not allow users to type in URL's
directly to servlets in the WEB-INF/classes directory?

I only want these servlets to be accessed by my own jsp pages on my server.