tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: Question is answered. See Bill Barker-2 answer
Date Sun, 14 Sep 2008 00:59:29 GMT

that was a 30 second solution amongst 100 different solutions<BR>

so maybe you want to categorise the jsps and then enable / disable view/update/delete of the
resources<BR> in those categories depending on the authenticated credentials of the
user<BR>
for this scenario you might want to look at portals and or content-management system<s><BR>

i would start here<BR>
http://portals.apache.org/jetspeed-1/fusion.html<BR>

Martin<BR>
______________________________________________ <BR>
Disclaimer and confidentiality note 
Everything in this e-mail and any attachments relates to the official business of Sender.
This transmission is of a confidential nature and Sender does not endorse distribution to
any party other than intended recipient. Sender does not necessarily endorse content contained
within this transmission. 


> Date: Sat, 13 Sep 2008 17:32:29 -0700
> From: coolwhiff@mail.ru
> To: users@tomcat.apache.org
> Subject: Question is answered. See Bill Barker-2 answer
> 
> 
> Hi, Martin
> Thanks for the answer
> I see, what you mean, but the problem is slightly different
> 
> The matter is that our users can change jsp files whatever they like via
> administrative interface, so we want to restrict the use of scriplets in
> these jsp's because of possible abuses
> 
> Bill Barker-2 provided the comprehensive answer to this problem
> 
> 
> mgainty wrote:
> > 
> > 
> > use ths struts if tag to conditionally disable the code
> > <%@ taglib prefix="s" uri="/struts-tags"%>
> > 
> > <s:if test="%{false}">
> >     <div>Will Not Be Executed</div>
> > </s:if>
> > 
> > http://struts.apache.org/2.0.11.2/docs/if.html
> > datorită struts
> > Martin 
> > ______________________________________________ 
> > Disclaimer and confidentiality note 
> > Everything in this e-mail and any attachments relates to the official
> > business of Sender. This transmission is of a confidential nature and
> > Sender does not endorse distribution to any party other than intended
> > recipient. Sender does not necessarily endorse content contained within
> > this transmission. 
> > 
> > 
> >> Date: Sat, 13 Sep 2008 08:58:59 -0700
> >> From: coolwhiff@mail.ru
> >> To: users@tomcat.apache.org
> >> Subject: Re: Disable java code execution <%blabla%> in jsp, but permits
> >> tags
> >> 
> >> 
> >> We want them to be able to customize information they get from our system
> >> by
> >> using custom tags
> >> 
> >> 
> >> H. Hall wrote:
> >> > 
> >> > kazukin6 wrote:
> >> >> Plz Help !!
> >> >> Is it possible to disable all java code execution within jsp page (by
> >> >> security manager or something)
> >> >> but allow custom tags to be executed?
> >> >>
> >> >> The problem is that the users can change jsp files, and due to
> >> security
> >> >> reasons we can allow them to use only tags 
> >> >>   
> >> > Why are users allowed to change jsp files?
> >> > 
> >> > HH
> >> > 
> >> > 
> >> > 
> >> > -- 
> >> > H. Hall
> >> > ReedyRiver Group LLC
> >> > http://www.reedyriver.com
> >> > 
> >> > 
> >> > ---------------------------------------------------------------------
> >> > To start a new topic, e-mail: users@tomcat.apache.org
> >> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> > For additional commands, e-mail: users-help@tomcat.apache.org
> >> > 
> >> > 
> >> > 
> >> 
> >> -- 
> >> View this message in context:
> >> http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19471795.html
> >> Sent from the Tomcat - User mailing list archive at Nabble.com.
> >> 
> >> 
> >> ---------------------------------------------------------------------
> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >> 
> > 
> > _________________________________________________________________
> > Get more out of the Web. Learn 10 hidden secrets of Windows Live.
> > http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008
> > 
> 
> -- 
> View this message in context: http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19476209.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 

_________________________________________________________________
See how Windows connects the people, information, and fun that are part of your life.
http://clk.atdmt.com/MRT/go/msnnkwxp1020093175mrt/direct/01/
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message