tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Haynes" <ch...@harvington.org.uk>
Subject Re: Hiding a jsp file from public access?
Date Wed, 28 Feb 2001 08:43:53 GMT
Ben,

I'm using exactly the same architecture and have Apache up front, so
I'm planning to put my jsps in a sub-dir JSP of their own and then use
<Location "/JSP/">
    AllowOverride none
    deny from all
  </Location>
in my Apache Virtual Host definition
. . . but I have not got that far yet, so can't say that it works.

Haven't seen a tomcat-only way of doing this.

Chris Haynes
Evesham
England


----- Original Message -----
From: "Ben Flaumenhaft" <ben@sidelight.com>
To: <tomcat-user@jakarta.apache.org>
Sent: Wednesday, February 28, 2001 12:28 AM
Subject: Hiding a jsp file from public access?


> Folks,
>
> Is there anything in Tomcat or in the .war file specification to
deny
> non-forwarded access to a JSP? Where's the appropriate place to do
this?
>
> I'm using the MVC, or so-called model 2 approach, where a servlet
prepares
> and then forwards to a JSP. Users should NOT be able to ask for the
JSP,
> only the servlet (because the servlet needs to prepare context,
check
> security, etc.). What's the correct way?
>
> Thanks,
> Ben Flaumenhaft
> Principal, Sidelight Consulting
> http://www.sidelight.com
>
>
>
> --------------------------------------------------------------------
-
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, email: tomcat-user-help@jakarta.apache.org
>
>


Mime
View raw message