tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Badi <>
Subject Protect JSP from Direct Access in Tomcat 7.0.xx
Date Tue, 19 Jun 2012 00:10:15 GMT
Hi All,

I need your guidance again.I have bunch of JSP's close to 100+ which I 
need to protect it from direct access.

I have this mapping in web xml and this is not working,It seems that 
probably i need to define a role first and then use below settings.But 
unfortunately my app is open internet application which does not use 
realm at all.

<description>Sample confirmation JSP</description>

All my jsp's are residing in the webpages folder of project directory.I 
know this is incorrect and probably gives direct access to jsp's.

So I have some clarification to ask,

1. is their a way to tell tomcat to not to serve direct jsp's probably 
via web xml

2. Is their any extra setting that is required if I move my JSP's inside 
web-inf.I created a folder under web-inf and create sample hello 
world.jsp and then tried to invoke that jsp but got 404 message.

- Kiran

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message