tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Molloy" <ukalu...@bigfoot.com>
Subject RE: How to prevent a .jsp from being accessed directly?
Date Tue, 30 Jan 2001 22:43:41 GMT
I've tried several variations, from your suggestion below to including the
entire url (www. . . .).

I'll take another look at it.

Thanks
--Michael

-----Original Message-----
From: BBueckers@sjm.com [mailto:BBueckers@sjm.com]
Sent: Tuesday, January 30, 2001 4:29 PM
To: tomcat-user@jakarta.apache.org
Subject: RE: How to prevent a .jsp from being accessed directly?


You may want to try setting the url pattern relative to the root i.e.
	<url-pattern>/dir1/subdir1/selectroster.jsp</url-pattern>

Bob

-----Original Message-----
From: Michael Molloy [mailto:ukalumni@bigfoot.com]
Sent: Monday, January 29, 2001 7:41 PM
To: Tomcat
Subject: How to prevent a .jsp from being accessed directly?


I'm using the following web.xml file inside a servlet context
(/opt/tomcat/webapps/staging/WEB-INF/web.xml). However, it's not preventing
direct access to the jsp file, which is what I'm hoping to achieve. I got
this from the O'Reilly Javaserver Pages book, but it's not working. Any
suggestions?

Thanks
--Michael

<web-app>
        <servlet>
                <servlet-name>RosterServlet</servlet-name>
                <servlet-class>RosterServlet</servlet-class>
                <load-on-startup>1</load-on-startup>

        </servlet>
        <servlet-mapping>
                <servlet-name>RosterServlet</servlet-name>
                <url-pattern>/process</url-pattern>
        </servlet-mapping>
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>no-access</web-resource-name>
                        <url-pattern>selectroster.jsp</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>nobody</role-name>
                </auth-constraint>
        </security-constraint>
</web-app>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org



Mime
View raw message