Re: security-constraint blocks welcome file with 403
Marks, Thanks for the info, originally I was using just index.jsp, but this also gets blocked with a 403: index.jsp I will look into the servlet suggestion. Cheers Greg On 19 June 2017 at 10:39, Mark Thomaswrote: > On 19/06/17 08:24, Greg Huber wrote: > > Hello, > > > > If I add a security constrait to block direct access to jsp outside of > > /WEB-INF/ it blocks the welcome-file with a 403. Is there a caveat for > > using this here? > > Your welcome file is invalid. It should be a file name without a path. > Remember it applies to all directories, not just the web application root. > > Security constraints apply to welcome files. > > You'll need to use a servlet to do a forward to "WEB-INF/jsps/index.jsp" > > Mark > > > > > > > > > > No direct JSP access > > > > No-JSP > > *.jsp > > > > > > no-users > > > > > > > > > > Don't assign users to this role > > no-users > > > > > > > > WEB-INF/jsps/index.jsp > > > > > > Cheers Greg > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: security-constraint blocks welcome file with 403
On Mon, Jun 19, 2017 at 3:09 PM, Mark Thomaswrote: > On 19/06/17 08:24, Greg Huber wrote: > > Hello, > > > > If I add a security constrait to block direct access to jsp outside of > > /WEB-INF/ it blocks the welcome-file with a 403. Is there a caveat for > > using this here? > > Your welcome file is invalid. It should be a file name without a path. > Remember it applies to all directories, not just the web application root. > > Security constraints apply to welcome files. > > You'll need to use a servlet to do a forward to "WEB-INF/jsps/index.jsp" > > Mark > > > > > > > > > > No direct JSP access > > > > No-JSP > > *.jsp > > > > > > no-users > > > > > > > > > > Don't assign users to this role > > no-users > > > > > > > > WEB-INF/jsps/index.jsp > > > > > > Cheers Greg > > > > This is what I have done using spring. @RequestMapping(value = { "/", "/login" }) public ModelAndView login(@RequestParam(value = "error", required = false) String error, @RequestParam(value = "logout", required = false) String logout) { ModelAndView modelAndView = new ModelAndView(); modelAndView.setViewName("login"); return modelAndView; } And my login.jsp file resides inside the WEB-INF/jsp/login.jsp In case if you are using spring. ;) > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: security-constraint blocks welcome file with 403
On 19/06/17 08:24, Greg Huber wrote: > Hello, > > If I add a security constrait to block direct access to jsp outside of > /WEB-INF/ it blocks the welcome-file with a 403. Is there a caveat for > using this here? Your welcome file is invalid. It should be a file name without a path. Remember it applies to all directories, not just the web application root. Security constraints apply to welcome files. You'll need to use a servlet to do a forward to "WEB-INF/jsps/index.jsp" Mark > > > > No direct JSP access > > No-JSP > *.jsp > > > no-users > > > > > Don't assign users to this role > no-users > > > > WEB-INF/jsps/index.jsp > > > Cheers Greg > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
security-constraint blocks welcome file with 403
Hello, If I add a security constrait to block direct access to jsp outside of /WEB-INF/ it blocks the welcome-file with a 403. Is there a caveat for using this here? No direct JSP access No-JSP *.jsp no-users Don't assign users to this role no-users WEB-INF/jsps/index.jsp Cheers Greg