Move your JSPs inside your WEB-INF directory and use
request.getRequestDispatcher("path/to/JSP").forward(request, response):
http://www.jguru.com/faq/view.jsp?EID=471953On Tue, Feb 23, 2010 at 3:17 AM, iodsfjoipsdfi ijsdpfijd < [email protected]> wrote: > Hi, > > How do I restrict direct access to files in my GAE app? Especially JSP > files. > > This is not working on GAE: > > <security-constraint> > <web-resource-collection> > <web-resource-name>All JSP Pages</web-resource-name> > <url-pattern>/jsp/*</url-pattern> > <http-method>POST</http-method> > <http-method>GET</http-method> > </web-resource-collection> > </security-constraint> > > I've got my own authentication mechanism, so I don't want to use google > account (otherwise I could use in the above example > <role-name>*</role-name> or <role-name>admin</role-name>). > > I'd like my app to restrict direct access to JSPs, but let my servlets to > dispatch the request to them. > > Thanks in advance. > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine-java%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > -- Ikai Lan Developer Programs Engineer, Google App Engine http://googleappengine.blogspot.com | http://twitter.com/app_engine -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
