tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hassan Schroeder <>
Subject Re: [newbie] Container Managed Security - preventing direct access to .jsp
Date Tue, 14 Dec 2004 19:20:54 GMT
Robert Taylor wrote:

> Please let me know if this questions is just too obvious
> and I'll gladly RTFM...

See below :-)

> It just seems like a common idiom to provide a portable mechanism
> for protecting direct access to .jsp so as to enforce access through
> some controller. I have in the past placed .jsp files "behind" WEB-INF,
> but I don't believe that is portable and would like to use CMS to achieve
> this.

Given that the Java" Servlet Specification Version 2.4, page 70 sez:

	A special directory exists within the application hierarchy
	named WEB-INF. This directory contains all things related to
	the application that aren't in the document root of the
	application. The WEB-INF node is not part of the public
	document tree of the application. No file contained in the
	WEB-INF directory may be served directly to a client by the

I don't know how much more "portable" you want it to be :-)

Hassan Schroeder -----------------------------
Webtuitive Design ===  (+1) 408-938-0567   ===

                           dream.  code.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message