Re: security-constraint blocks welcome file with 403

2017-06-20 Thread Greg Huber 
Marks,

Thanks for the info, originally I was using just index.jsp, but this also
gets blocked with a 403:

index.jsp

I will look into the servlet suggestion.

Cheers Greg

On 19 June 2017 at 10:39, Mark Thomas  wrote:

> On 19/06/17 08:24, Greg Huber wrote:
> > Hello,
> >
> > If I add a security constrait to block direct access to jsp outside of
> > /WEB-INF/ it blocks the welcome-file with a 403.  Is there a caveat for
> > using this here?
>
> Your welcome file is invalid. It should be a file name without a path.
> Remember it applies to all directories, not just the web application root.
>
> Security constraints apply to welcome files.
>
> You'll need to use a servlet to do a forward to "WEB-INF/jsps/index.jsp"
>
> Mark
>
>
> >
> > 
> >  
> >  No direct JSP access
> >  
> >  No-JSP
> >  *.jsp
> >  
> >  
> >  no-users
> >  
> >  
> >
> >  
> >  Don't assign users to this role
> >  no-users
> >  
> >
> >  
> >  WEB-INF/jsps/index.jsp
> >  
> >
> > Cheers Greg
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: security-constraint blocks welcome file with 403

2017-06-19 Thread Addy D 
On Mon, Jun 19, 2017 at 3:09 PM, Mark Thomas  wrote:

> On 19/06/17 08:24, Greg Huber wrote:
> > Hello,
> >
> > If I add a security constrait to block direct access to jsp outside of
> > /WEB-INF/ it blocks the welcome-file with a 403.  Is there a caveat for
> > using this here?
>
> Your welcome file is invalid. It should be a file name without a path.
> Remember it applies to all directories, not just the web application root.
>
> Security constraints apply to welcome files.
>
> You'll need to use a servlet to do a forward to "WEB-INF/jsps/index.jsp"
>
> Mark
>
>
> >
> > 
> >  
> >  No direct JSP access
> >  
> >  No-JSP
> >  *.jsp
> >  
> >  
> >  no-users
> >  
> >  
> >
> >  
> >  Don't assign users to this role
> >  no-users
> >  
> >
> >  
> >  WEB-INF/jsps/index.jsp
> >  
> >
> > Cheers Greg
> >
>
> This is what I have done using spring.

@RequestMapping(value = { "/", "/login" })
public ModelAndView login(@RequestParam(value = "error", required =
false) String error,
@RequestParam(value = "logout", required = false) String
logout) {
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("login");
return modelAndView;
}

And my login.jsp file resides inside the WEB-INF/jsp/login.jsp

In case if you are using spring. ;)


>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: security-constraint blocks welcome file with 403

2017-06-19 Thread Mark Thomas 
On 19/06/17 08:24, Greg Huber wrote:
> Hello,
> 
> If I add a security constrait to block direct access to jsp outside of
> /WEB-INF/ it blocks the welcome-file with a 403.  Is there a caveat for
> using this here?

Your welcome file is invalid. It should be a file name without a path.
Remember it applies to all directories, not just the web application root.

Security constraints apply to welcome files.

You'll need to use a servlet to do a forward to "WEB-INF/jsps/index.jsp"

Mark


> 
> 
>  
>  No direct JSP access
>  
>  No-JSP
>  *.jsp
>  
>  
>  no-users
>  
>  
> 
>  
>  Don't assign users to this role
>  no-users
>  
> 
>  
>  WEB-INF/jsps/index.jsp
>  
> 
> Cheers Greg
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

security-constraint blocks welcome file with 403

2017-06-19 Thread Greg Huber 
Hello,

If I add a security constrait to block direct access to jsp outside of
/WEB-INF/ it blocks the welcome-file with a 403.  Is there a caveat for
using this here?


 
 No direct JSP access
 
 No-JSP
 *.jsp
 
 
 no-users
 
 

 
 Don't assign users to this role
 no-users
 

 
 WEB-INF/jsps/index.jsp
 

Cheers Greg