Re: struts-site git commit: update security page
My main site is not a struts app, so mixing defaults may be best here. Also, the security constraints apply to the welcome files so some sort of servlet redirect is required to make it work (via tomcat user list). Cheers Greg On 19 June 2017 at 11:20, Lukasz Lenartwrote: > 2017-06-19 9:17 GMT+02:00 Greg Huber : > > Tested it again tomcat (8.5.15), definitely a 403. Will see if I can > find > > some more info. > > Hmm...but you do not need the , I am using > which does exactly the same thing. > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
Re: struts-site git commit: update security page
2017-06-19 9:17 GMT+02:00 Greg Huber: > Tested it again tomcat (8.5.15), definitely a 403. Will see if I can find > some more info. Hmm...but you do not need the , I am using which does exactly the same thing. Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: struts-site git commit: update security page
Tested it again tomcat (8.5.15), definitely a 403. Will see if I can find some more info. On 19 June 2017 at 08:04, Lukasz Lenartwrote: > Did you test that? I think ignore security constraints > ... or maybe it was just Jetty ;) > > 2017-06-16 10:50 GMT+02:00 Greg Huber : > > ...Although it blocks the file. > > > > > > > > No direct JSP access > > > > No-JSP > > *.jsp > > > > > > no-users > > > > > > > > > > Don't assign users to this role > > no-users > > > > > > > > WEB-INF/jsps/index.jsp > > > > > > On 16 June 2017 at 08:54, Lukasz Lenart wrote: > > > >> Great! I have added a ToC and pushed to the top :) > >> > >> http://struts.apache.org/security/ > >> > >> > >> Regards > >> -- > >> Łukasz > >> + 48 606 323 122 http://www.lenart.org.pl/ > >> > >> - > >> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > >> For additional commands, e-mail: dev-h...@struts.apache.org > >> > >> > > - > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
Re: struts-site git commit: update security page
Did you test that? I think ignore security constraints ... or maybe it was just Jetty ;) 2017-06-16 10:50 GMT+02:00 Greg Huber: > ...Although it blocks the file. > > > > No direct JSP access > > No-JSP > *.jsp > > > no-users > > > > > Don't assign users to this role > no-users > > > > WEB-INF/jsps/index.jsp > > > On 16 June 2017 at 08:54, Lukasz Lenart wrote: > >> Great! I have added a ToC and pushed to the top :) >> >> http://struts.apache.org/security/ >> >> >> Regards >> -- >> Łukasz >> + 48 606 323 122 http://www.lenart.org.pl/ >> >> - >> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org >> For additional commands, e-mail: dev-h...@struts.apache.org >> >> - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: struts-site git commit: update security page
...Although it blocks the file. No direct JSP access No-JSP *.jsp no-users Don't assign users to this role no-users WEB-INF/jsps/index.jsp On 16 June 2017 at 08:54, Lukasz Lenartwrote: > Great! I have added a ToC and pushed to the top :) > > http://struts.apache.org/security/ > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
Re: struts-site git commit: update security page
Thanks, good to know. On 16 June 2017 at 08:54, Lukasz Lenartwrote: > Great! I have added a ToC and pushed to the top :) > > http://struts.apache.org/security/ > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
Re: struts-site git commit: update security page
Great! I have added a ToC and pushed to the top :) http://struts.apache.org/security/ Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org