tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Molloy" <ukalu...@bigfoot.com>
Subject How to prevent a .jsp from being accessed directly?
Date Tue, 30 Jan 2001 01:41:02 GMT
I'm using the following web.xml file inside a servlet context
(/opt/tomcat/webapps/staging/WEB-INF/web.xml). However, it's not preventing
direct access to the jsp file, which is what I'm hoping to achieve. I got
this from the O'Reilly Javaserver Pages book, but it's not working. Any
suggestions?

Thanks
--Michael

<web-app>
        <servlet>
                <servlet-name>RosterServlet</servlet-name>
                <servlet-class>RosterServlet</servlet-class>
                <load-on-startup>1</load-on-startup>

        </servlet>
        <servlet-mapping>
                <servlet-name>RosterServlet</servlet-name>
                <url-pattern>/process</url-pattern>
        </servlet-mapping>
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>no-access</web-resource-name>
                        <url-pattern>selectroster.jsp</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>nobody</role-name>
                </auth-constraint>
        </security-constraint>
</web-app>


Mime
View raw message