tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hassan Schroeder <>
Subject Re: [newbie] Container Managed Security - preventing direct access to .jsp
Date Tue, 14 Dec 2004 22:06:49 GMT
Robert Taylor wrote:
> I didn't realize that was added to the 2.4 spec.

It was in 2.3, too. I'd guess it was in the spec from the get-go,
but don't have an older copy to hand to confirm.

> Even so, it would be nice to know how to use CMS to achieve this.

What is your definition of "Container Managed Security", then, if
not this? The container prevents direct access to the resources
placed within WEB-INF, without you having to do anything else.

> Maybe a better way to form the question would be how do I use
> CMS to protect .jsp pages from direct access

as above.
 >                                               and return a user
> friendly page/message when a .jsp page is requested without going through
> the controller?

A custom 404 page should take care of it. And you can get as fancy
with that as you like :-)

Hassan Schroeder -----------------------------
Webtuitive Design ===  (+1) 408-938-0567   ===

                           dream.  code.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message