RE: How to prevent a .jsp from being accessed directly?

Tue, 30 Jan 2001 14:22:18 -0800 

You may also want to try setting the url pattern relative to the root going
only down to the directory in which it exist to see if that atleast works,
rather than specifying the coplete path to the file.
        i.e.
                <url-pattern>/dir1/subdir1/*</url-pattern>

Bob

-----Original Message-----
From: Michael Molloy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 30, 2001 4:09 PM
To: Tomcat
Subject: How to prevent a .jsp from being accessed directly?


Since no one responded, does that mean there's nothing wrong with the xml
below?

It's still not working. Any suggestions would be welcome.

--Michael

-----Original Message-----
From: Michael Molloy [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 29, 2001 7:41 PM
To: Tomcat
Subject: How to prevent a .jsp from being accessed directly?


I'm using the following web.xml file inside a servlet context
(/opt/tomcat/webapps/staging/WEB-INF/web.xml). However, it's not preventing
direct access to the jsp file, which is what I'm hoping to achieve. I got
this from the O'Reilly Javaserver Pages book, but it's not working. Any
suggestions?

Thanks
--Michael

<web-app>
        <servlet>
                <servlet-name>RosterServlet</servlet-name>
                <servlet-class>RosterServlet</servlet-class>
                <load-on-startup>1</load-on-startup>

        </servlet>
        <servlet-mapping>
                <servlet-name>RosterServlet</servlet-name>
                <url-pattern>/process</url-pattern>
        </servlet-mapping>
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>no-access</web-resource-name>
                        <url-pattern>selectroster.jsp</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>nobody</role-name>
                </auth-constraint>
        </security-constraint>
</web-app>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Reply via email to