tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Shirk <>
Subject Protecting JSPs in Tomcat 5
Date Mon, 26 Jul 2004 20:20:36 GMT
In Tomcat 4, I would map request URLs to JSPs and handle the forwarding on 
the server side. Direct user access to JSPs was prevented using the 
following security constraint configuration:

   <display-name>JSP Protection</display-name>

This seems to not work with Tomcat 5 as the constraint is applied even 
though no direct request is made by the user. Is this change in behavior 
the result of a spec change? I could find no such clarification.

Thanks for the help.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message