Please disregard my previous post. I

Thank you.


At 03:20 PM 7/26/2004, you wrote:
In Tomcat 4, I would map request URLs to JSPs and handle the forwarding on the server side. Direct user access to JSPs was prevented using the following security constraint configuration:

<security-constraint>
  <display-name>JSP Protection</display-name>
  <web-resource-collection>
    <web-resource-name>JSPs</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Administrator</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>


This seems to not work with Tomcat 5 as the constraint is applied even though no direct request is made by the user. Is this change in behavior the result of a spec change? I could find no such clarification.


Thanks for the help.

Andrew

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
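
Added example, not part of the original messages: a small Python audit of the constraint quoted above. Under the Servlet specification a web-resource-collection that lists http-method elements constrains only the listed methods, so the script reports which methods a collection leaves unconstrained. The ALL_METHODS list, the audit_constraints name and the <web-app> wrapper around the sample are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Assumed set of methods to check against; adjust for the container in use.
ALL_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed sample: the constraint from the message inside a <web-app> root.
WEB_XML = """<web-app>
  <security-constraint>
    <display-name>JSP Protection</display-name>
    <web-resource-collection>
      <web-resource-name>JSPs</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>Administrator</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip an XML namespace so namespaced web.xml files also match."""
    return tag.rsplit("}", 1)[-1]

def texts(parent, name):
    """Text of every descendant element called `name`, whitespace trimmed."""
    return [(e.text or "").strip() for e in parent.iter() if local(e.tag) == name]

def audit_constraints(xml_text):
    """Return one finding per web-resource-collection in the descriptor."""
    findings = []
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        roles = texts(sc, "role-name")
        has_auth = any(local(e.tag) == "auth-constraint" for e in sc)
        for wrc in (e for e in sc if local(e.tag) == "web-resource-collection"):
            listed = {m.upper() for m in texts(wrc, "http-method")}
            findings.append({
                "patterns": texts(wrc, "url-pattern"),
                "roles": roles,
                # An auth-constraint with no role-name denies all access.
                "deny_all": has_auth and not roles,
                # No http-method elements means every method is constrained.
                "uncovered": sorted(ALL_METHODS - listed) if listed else [],
            })
    return findings

if __name__ == "__main__":
    for finding in audit_constraints(WEB_XML):
        print(finding)
```
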

