...Although it blocks the <welcome-file-list> file.
<!-- Restricts access to pure JSP files - access available only via Struts
action -->
<security-constraint>
<display-name>No direct JSP access</display-name>
<web-resource-collection>
<web-resource-name>No-JSP</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>no-users</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>Don't assign users to this role</description>
<role-name>no-users</role-name>
</security-role>
<welcome-file-list>
<welcome-file>WEB-INF/jsps/index.jsp</welcome-file>
</welcome-file-list>
On 16 June 2017 at 08:54, Lukasz Lenart <lukaszlen...@apache.org> wrote:
> Great! I have added a ToC and pushed to the top :)
>
> http://struts.apache.org/security/
>
>
> Regards
> --
> Ćukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>
