Joel,
You could:
A) Setup a servlet that just included this jsp's.
B) I don't know if this would work but list the other jsp's in a
separate security-constraint giving everyone access to these jsps... (I
don't know if this is possible - I would do A - it better follows
MVC...)
-----Original Message-----
From: Joel Baker [mailto:news@news.jb21.net]
Sent: Sunday, May 05, 2002 12:55 AM
To: tomcat-user@jakarta.apache.org
Subject: Re: More complex security-constraint options
I want to restrict all of /*.jsp except a few jsp files that are used
for logging on and such. I currently have a security-constraint doing
this (restricting access to
*.jsp) but of course I can't find any way of allowing the few jsps I
want to publically allow.
Joel.
""Abraham Fathman"" <afathman@one.net> wrote in message
news:<013c01c1f3ec$2bc49720$8a56e20a@pcg>...
| Joel,
|
| Setup a <security-contraint> in the web.xml that includes the url that
| you want to restrict.
|
|
| -----Original Message-----
| From: Joel Baker [mailto:news@news.jb21.net]
| Sent: Saturday, May 04, 2002 10:24 PM
| To: tomcat-user@jakarta.apache.org
| Subject: More complex security-constraint options
|
|
| Hi all,
|
| I'm trying to create a web application that imposes a security
| constraint on all but a few of the JSP pages. I don't want to split up
| the application putting the non-public stuff in a private directory
| and only applying the security-constraint to this, as this isn't as
| elegant as the solution I would ideally like as I want the root of the
| webapp to be the root for a logged in user, not for them to go to some
| directory within the webapp.
|
| Basically, is there a way to refine the security constraints
| url-pattern tag to allow excluding certain files or directories?
|
| Thanks in advance,
|
| Joel Baker.
|
|
| --
| To unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
| For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
| Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
|
|
--
To unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
--
To unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
|