tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Haberlach <a...@newsnipple.com>
Subject Re: Hiding a jsp file from public access?
Date Wed, 28 Feb 2001 02:38:48 GMT
On Tue, Feb 27, 2001 at 06:14:42PM -0800, Pierre Delisle wrote:
> Ben Flaumenhaft wrote:
> > 
> > Folks,
> > 
> > Is there anything in Tomcat or in the .war file specification to deny
> > non-forwarded access to a JSP? Where's the appropriate place to do this?
> > 
> > I'm using the MVC, or so-called model 2 approach, where a servlet prepares
> > and then forwards to a JSP. Users should NOT be able to ask for the JSP,
> > only the servlet (because the servlet needs to prepare context, check
> > security, etc.). What's the correct way?
> 
> Simply put the JSPs under the WEB-INF directory. 
> 
> Tomcat protects the WEB-INF directory for you.  This is required by the servlet
> specification.

	On another note (I'm barging in here since I just joined the list) I've
got a machine set up in which we will have several developers working
independently on the same code via source control.  Currently, each engineer
has their own context, but I need a way to give them their own classpaths,
so that code can be checked out into the path, used, tested, modified, and
then checked back into the tree for others.

	In PHP I did this by setting PHP's includepath directives in the httpd.conf
file.  Is there a similar way to do this for Tomcat classes?

-- 
Adam Haberlach            | "Having a smoking section in a restaurant is
adam@newsnipple.com       | like having a peeing section in a swimming pool"
http://www.newsnipple.com |
'88 EX500    '00 >^<      |

Mime
View raw message