Well, then I think your next best bet is in the Tomcat 4.0 release which has
the new Filter and Valve features. My only knowledge of these is from one of
Craig McClanahan's posts, but if you check the spec, it will probably
describe them in detail.  My understanding is that these would allow you to
do exactly what you want - however, I don't know if you can wait that long
or if you are able to use the 4.0 milestone builds in your environment.

I think your next best bet is to disable the /servlet/ auto-mapping (I
believe this is a Tomcat extension) which should prohibit access to the
stuff in WEB-INF/classes and lib (but still allows access to all JSPs). Then
have all access to your servlets be through inclusion or direct execution.
I am not sure of the rules for direct execution so you may want to refer
to the spec to see if that is allowed.

Regards,
Paul


-----Original Message-----
From: John de la Garza [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 06, 2000 08:20 PM
To: [EMAIL PROTECTED]
Subject: RE: posting to servlets from a url


Yea, that is what I am currently doing...can't the server container handle
that for me?

Like only let the server posted or get from the servlets?

I wanted to avoid putting security code in every servlet, one by one.

-----Original Message-----
From: CPC Livelink Admin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 06, 2000 5:16 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: posting to servlets from a url



You could implement a simple locking mechanism.  When you are about to
access one of your classes, set a session or request scoped bean or session
variable, and then in your servlets, check for that object, and then remove
it.

-----Original Message-----
From: John de la Garza [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 06, 2000 05:04 PM
To: Tomcat-Users (E-mail)
Subject: posting to servlets from a url


Is there some way I can make my server not allow users to type in URLs
directly to servlets in the WEB-INF/classes directory?

I only want these servlets to be accessed by my own jsp pages on my server.
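
The request-scoped form of the locking check suggested earlier in this thread, written as a shared base class so the check is not repeated in every servlet. This is an added example, not code from any of the original messages; the class name, attribute name and include path are hypothetical, and it assumes the javax.servlet API.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example (hypothetical class): base servlet that only runs when a JSP
 * in the same application dispatched the request to it.
 *
 * The calling JSP marks the request before including or forwarding:
 *   <% request.setAttribute(InternalOnlyServlet.MARKER, Boolean.TRUE); %>
 *   <jsp:include page="/internal/report" flush="true"/>
 * ("/internal/report" is a hypothetical mapping for a subclass.)
 */
public abstract class InternalOnlyServlet extends HttpServlet {

    // Hypothetical attribute name. Request attributes exist only inside the
    // container: a browser can send parameters and headers, not attributes.
    public static final String MARKER = "example.internal.dispatch";

    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Object marker = req.getAttribute(MARKER);
        // Remove the marker before doing any work so that a nested
        // include or forward from this servlet cannot reuse it.
        req.removeAttribute(MARKER);

        if (!Boolean.TRUE.equals(marker)) {
            // Typed-in URL or direct POST: no JSP set the marker.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Marker present: continue to doGet/doPost in the subclass.
        super.service(req, resp);
    }
}
```

Servlets that extend this class keep their normal doGet/doPost methods; a request-scoped marker is used here rather than a session variable because it cannot outlive the single request that set it.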
