tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Taylor" <rtay...@mulework.com>
Subject RE: [newbie] Container Managed Security - preventing direct access to .jsp
Date Wed, 15 Dec 2004 01:55:35 GMT
I'm not trying to re-invent anything. I'm just trying to 
leverage the specification to secure resources.

Personally I prefer WEB-INF to contain web application
configuration and information resources instead of content
and other non-configuration resources. IMHO, its intuitive that
way.

For anyone else that may even be remotely interested in this
topic, some further googling produced some interesting results.
I searched using the string:

     "preventing direct access to .jsp files"

It appears that there is no standard way to do this even though
it's implied in the spec.

Here's a good example:
http://forums.bea.com/bea/message.jspa?messageID=202433201

Oh well...

/robert

> -----Original Message-----
> From: Hassan Schroeder [mailto:hassan@webtuitive.com]
> Sent: Tuesday, December 14, 2004 5:55 PM
> To: Tomcat Users List
> Subject: Re: [newbie] Container Managed Security - preventing direct
> access to .jsp
> 
> 
> Robert Taylor wrote:
> 
> > Does this not imply that I can do what I am trying to do?
> 
> I suppose; I'm just baffled why you want to reinvent this particular
> built-in wheel, but don't let that stop you :-)
> 
> -- 
> Hassan Schroeder ----------------------------- hassan@webtuitive.com
> Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com
> 
>                            dream.  code.
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message