tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ben Flaumenhaft" <...@sidelight.com>
Subject Hiding a jsp file from public access?
Date Wed, 28 Feb 2001 00:28:18 GMT
Folks,

Is there anything in Tomcat or in the .war file specification to deny
non-forwarded access to a JSP? Where's the appropriate place to do this?

I'm using the MVC, or so-called model 2 approach, where a servlet prepares
and then forwards to a JSP. Users should NOT be able to ask for the JSP,
only the servlet (because the servlet needs to prepare context, check
security, etc.). What's the correct way?

Thanks,
Ben Flaumenhaft
Principal, Sidelight Consulting
http://www.sidelight.com



Mime
View raw message