From: Martin Gainty
To: Tomcat Users List
Subject: RE: Question is answered. See Bill Barker-2 answer
Date: Sat, 13 Sep 2008 20:59:29 -0400

that was a 30 second solution amongst 100 different solutions
so maybe you want to categorise the jsps and then enable / disable view/update/delete of the resources
in those categories depending on the authenticated credentials of the user
for this scenario you might want to look at portals and or content-management system
i would start here
http://portals.apache.org/jetspeed-1/fusion.html
Martin
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission.

> Date: Sat, 13 Sep 2008 17:32:29 -0700
> From: coolwhiff@mail.ru
> To: users@tomcat.apache.org
> Subject: Question is answered. See Bill Barker-2 answer
>
> Hi, Martin
> Thanks for the answer
> I see, what you mean, but the problem is slightly different
>
> The matter is that our users can change jsp files whatever they like via
> administrative interface, so we want to restrict the use of scriptlets in
> these jsp's because of possible abuses
>
> Bill Barker-2 provided the comprehensive answer to this problem
>
> mgainty wrote:
> >
> > use the struts if tag to conditionally disable the code
> > <%@ taglib prefix="s" uri="/struts-tags"%>
> >
> > Will Not Be Executed
> >
> > http://struts.apache.org/2.0.11.2/docs/if.html
> > thanks to struts
> > Martin
> >
> >> Date: Sat, 13 Sep 2008 08:58:59 -0700
> >> From: coolwhiff@mail.ru
> >> To: users@tomcat.apache.org
> >> Subject: Re: Disable java code execution <%blabla%> in jsp, but permits tags
> >>
> >> We want them to be able to customize information they get from our system by
> >> using custom tags
> >>
> >> H. Hall wrote:
> >> >
> >> > kazukin6 wrote:
> >> >> Plz Help !!
> >> >> Is it possible to disable all java code execution within jsp page (by
> >> >> security manager or something)
> >> >> but allow custom tags to be executed?
> >> >>
> >> >> The problem is that the users can change jsp files, and due to security
> >> >> reasons we can allow them to use only tags
> >> >
> >> > Why are users allowed to change jsp files?
> >> >
> >> > HH
> >> >
> >> > --
> >> > H. Hall
> >> > ReedyRiver Group LLC
> >> > http://www.reedyriver.com
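
For the question quoted above (blocking `<% ... %>` scriptlets while still permitting custom tags) and the reply's suggestion to gate resources by the user's authenticated credentials, a `web.xml` sketch, added here as an example and not taken from any message in this thread. The `/custom/*` and `/admin/jsp-editor/*` paths, the `jsp-editor` role and the realm name are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. All paths, the role name and the realm name are hypothetical. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">

  <!-- Category 1: JSPs that users may edit through the administrative interface.
       scripting-invalid makes scriptlets (<% %>), scripting expressions (<%= %>)
       and declarations (<%! %>) a translation-time error in every matching page. -->
  <jsp-config>
    <jsp-property-group>
      <url-pattern>/custom/*</url-pattern>
      <scripting-invalid>true</scripting-invalid>
    </jsp-property-group>
  </jsp-config>

  <!-- Category 2: the editing interface itself. Only authenticated users holding
       the jsp-editor role may reach it; everyone else is refused. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>JSP editor</web-resource-name>
      <url-pattern>/admin/jsp-editor/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>jsp-editor</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example realm</realm-name>
  </login-config>

  <security-role>
    <role-name>jsp-editor</role-name>
  </security-role>

</web-app>
```

With `scripting-invalid` set, the container rejects scriptlets, scripting expressions and declarations in matching pages at translation time, while directives, standard actions, EL and custom tags keep working. Users who can edit these pages can still reference any tag library deployed in the web application, so deploy only the libraries they are meant to use.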