tomcat-users mailing list archives

From Dwayne Ghant <dgh...@temple.edu>
Subject Re: [newbie] Container Managed Security - preventing direct access to .jsp
Date Tue, 14 Dec 2004 21:43:31 GMT
Have you tried writing a session bean??? If not,
just write a session bean and import it as a header in
all your *.jsp pages.  The sessions will control the flow of
the application.

ex:
<%@ include file="Secrity_stuff.jsp" %>

This is common in writing applications.

Robert Taylor wrote:

>Thanks Hassan. I didn't realize that was added to the 2.4 spec.
>Thanks for pointing that out. 
>
>Even so, it would be nice to know how to use CMS to achieve this.
>
>Maybe a better way to form the question would be how do I use
>CMS to protect .jsp pages from direct access and return a user
>friendly page/message when a .jsp page is requested without going through
>the controller?
> 
>
>/robert
>
>  
>
>>-----Original Message-----
>>From: Hassan Schroeder [mailto:hassan@webtuitive.com]
>>Sent: Tuesday, December 14, 2004 2:21 PM
>>To: Tomcat Users List
>>Subject: Re: [newbie] Container Managed Security - preventing direct
>>access to .jsp
>>
>>
>>Robert Taylor wrote:
>>
>>    
>>
>>>Please let me know if this question is just too obvious
>>>and I'll gladly RTFM...
>>>      
>>>
>>See below :-)
>>
>>    
>>
>>>It just seems like a common idiom to provide a portable mechanism
>>>for protecting direct access to .jsp so as to enforce access through
>>>some controller. I have in the past placed .jsp files "behind" WEB-INF,
>>>but I don't believe that is portable and would like to use CMS to achieve
>>>this.
>>>      
>>>
>>Given that the Java™ Servlet Specification Version 2.4, page 70 sez:
>>
>>	A special directory exists within the application hierarchy
>>	named WEB-INF. This directory contains all things related to
>>	the application that aren't in the document root of the
>>	application. The WEB-INF node is not part of the public
>>	document tree of the application. No file contained in the
>>	WEB-INF directory may be served directly to a client by the
>>	container.
>>
>>I don't know how much more "portable" you want it to be :-)
>>
>>HTH!
>>-- 
>>Hassan Schroeder ----------------------------- hassan@webtuitive.com
>>Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com
>>
>>                           dream.  code.
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>    
>>
>
>
>  
>


-- 

Dwayne A. Ghant
Application Developer
Temple University
215.204.5555
dghant@temple.edu
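
The container-managed approach Robert asks about, sketched as a web.xml fragment. This is an added example, not part of any message in the thread; the error page path and the display/resource names are assumptions.

```xml
<!-- Added example: WEB-INF/web.xml (Servlet 2.4). Names and paths are assumed. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <!-- User-friendly page served when the container answers 403.
       Kept as static HTML so it does not itself match *.jsp. -->
  <error-page>
    <error-code>403</error-code>
    <location>/errors/no-direct-access.html</location>
  </error-page>

  <security-constraint>
    <display-name>No direct JSP access</display-name>
    <web-resource-collection>
      <web-resource-name>All JSPs</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <!-- No <http-method> elements on purpose: the constraint then
           covers every HTTP method, not only GET and POST. -->
    </web-resource-collection>
    <!-- Empty auth-constraint: no role is allowed, so every client
         request that matches the pattern is refused with 403. -->
    <auth-constraint/>
  </security-constraint>

</web-app>
```

Security constraints apply to requests arriving from clients, not to RequestDispatcher forward() or include() calls, so a controller servlet can still dispatch to the JSPs. A welcome file that is itself a .jsp would need to be fronted by the controller as well.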

 

