tomcat-users mailing list archives

From Kiran Badi <ki...@poonam.org>
Subject Re: Protect JSP from Direct Access in Tomcat 7.0.xx
Date Wed, 20 Jun 2012 01:01:01 GMT
Yup, done this, Sharon. Thanks
On 6/19/2012 2:03 PM, Sharon Prober (sprober) wrote:
> You could always position your JSPs inside the WEB-INF dir....
> This will enable you to access them only through server redirects rather
> than absolute URLs
>
> 	Sharon
>
> -----Original Message-----
> From: Kiran Badi [mailto:kiran@poonam.org]
> Sent: Tuesday, June 19, 2012 3:10 AM
> To: Tomcat Users List
> Subject: Protect JSP from Direct Access in Tomcat 7.0.xx
>
> Hi All,
>
> I need your guidance again. I have a bunch of JSPs, close to 100+, which I
> need to protect from direct access.
>
> I have this mapping in web.xml and it is not working. It seems that
> I probably need to define a role first and then use the settings below. But
> unfortunately my app is an open internet application which does not use
> a realm at all.
>
> <security-constraint>
>   <display-name>DenyAccesstoDirectJSP</display-name>
>   <web-resource-collection>
>     <web-resource-name>sample.jsp</web-resource-name>
>     <description>Sample confirmation JSP</description>
>     <url-pattern>*.jsp</url-pattern>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>
>   </web-resource-collection>
> </security-constraint>
>
> All my JSPs reside in the webpages folder of the project directory. I
> know this is incorrect and probably gives direct access to the JSPs.
>
> So I have some clarifications to ask:
>
> 1. Is there a way to tell Tomcat not to serve direct JSPs, probably
> via web.xml?
>
> 2. Is there any extra setting that is required if I move my JSPs inside
> web-inf? I created a folder under web-inf, created a sample hello
> world.jsp and then tried to invoke that JSP, but got a 404 message.
>
> - Kiran
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org


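An added example (not part of the thread and not Tomcat's own code) of the approach Sharon describes: a servlet that forwards to JSPs kept under WEB-INF, which is also why requesting such a JSP by URL returns 404. The class name `PageServlet`, the `/page/*` mapping, the `/WEB-INF/jsp/` folder and the view names are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical front controller: /page/hello -> /WEB-INF/jsp/hello.jsp
// (Servlet 3.0 annotation mapping, available in Tomcat 7.)
@WebServlet("/page/*")
public class PageServlet extends HttpServlet {

    // Allowlist of view names (constructed sample values). Only these can be
    // rendered, so request input never selects an arbitrary file under WEB-INF.
    private static final Set<String> VIEWS = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("hello", "confirmation")));

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String pathInfo = req.getPathInfo();               // e.g. "/hello", or null
        String view = (pathInfo == null) ? "" : pathInfo.substring(1);

        if (!VIEWS.contains(view)) {
            // Unknown view, empty name, or anything containing "/" or "..".
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // Server-side forward: the container resolves this path internally,
        // so the rule that hides WEB-INF from client URLs does not apply.
        req.getRequestDispatcher("/WEB-INF/jsp/" + view + ".jsp")
           .forward(req, resp);
    }
}
```

With this deployed, a request for `/page/hello` renders the JSP, while a direct request for `/WEB-INF/jsp/hello.jsp` still gets a 404 from the container.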

