tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre Delisle <pierre.deli...@sun.com>
Subject Re: Hiding a jsp file from public access?
Date Wed, 28 Feb 2001 02:14:42 GMT


Ben Flaumenhaft wrote:
> 
> Folks,
> 
> Is there anything in Tomcat or in the .war file specification to deny
> non-forwarded access to a JSP? Where's the appropriate place to do this?
> 
> I'm using the MVC, or so-called model 2 approach, where a servlet prepares
> and then forwards to a JSP. Users should NOT be able to ask for the JSP,
> only the servlet (because the servlet needs to prepare context, check
> security, etc.). What's the correct way?

Simply put the JSPs under the WEB-INF directory. 

Tomcat protects the WEB-INF directory for you.  This is required by the servlet
specification.

    -- Pierre

Mime
View raw message