/bea/message.jspa?messageID=202433201
Oh well...
/robert
-Original Message-
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 5:55 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - preventing direct
access to .jsp
Robert Taylor wrote
Ping...
Please let me know if this questions is just too obvious
and I'll gladly RTFM...even more. And yes, I know this list
is not here just to serve _my_ interests.
It just seems like a common idiom to provide a portable mechanism
for protecting direct access to .jsp so as to enforce access
Filters are portable.
On Tue, 2004-12-14 at 12:32, Robert Taylor wrote:
Ping...
Please let me know if this questions is just too obvious
and I'll gladly RTFM...even more. And yes, I know this list
is not here just to serve _my_ interests.
It just seems like a common idiom to provide a
Robert Taylor wrote:
Please let me know if this questions is just too obvious
and I'll gladly RTFM...
See below :-)
It just seems like a common idiom to provide a portable mechanism
for protecting direct access to .jsp so as to enforce access through
some controller. I have in the past placed .jsp
page/message when a .jsp page is requested without going through
the controller?
/robert
-Original Message-
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 2:21 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - preventing
I have not run into that kind of problem before... typically if you hit
a JSP without hitting its controller first you will just get nothing (an
HTML screen with no data). when it gets routed back to the controller,
it will then register a failure due to lack of data. Problem solved.
[EMAIL
, December 14, 2004 5:07 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - preventing direct
access to .jsp
Robert Taylor wrote:
I didn't realize that was added to the 2.4 spec.
It was in 2.3, too. I'd guess it was in the spec from the get-go,
but don't have an older
Robert Taylor wrote:
Does this not imply that I can do what I am trying to do?
I suppose; I'm just baffled why you want to reinvent this particular
built-in wheel, but don't let that stop you :-)
--
Hassan Schroeder - [EMAIL PROTECTED]
Webtuitive Design === (+1)
example:
http://forums.bea.com/bea/message.jspa?messageID=202433201
Oh well...
/robert
-Original Message-
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 5:55 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - preventing direct
a .jsp page is requested without going through
the controller?
/robert
-Original Message-
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 2:21 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - preventing direct
access to .jsp
Robert Taylor wrote:
I didn't realize that was added to the 2.4 spec.
It was in 2.3, too. I'd guess it was in the spec from the get-go,
but don't have an older copy to hand to confirm.
Even so, it would be nice to know how to use CMS to achieve this.
What is your definition of Container Managed
From: Hassan Schroeder [EMAIL PROTECTED]
Given that the Java Servlet Specification Version 2.4, page 70 sez:
A special directory exists within the application hierarchy
named WEB-INF. This directory contains all things related to
the application that aren't in the document root of the
It appears that there is no standard way to do this even though
it's implied in the spec.
I don't know how standard this is but it works.
The trick is in the auth-constraint node (note the commented out
role-name).
Since it is exclusive. Not declaring a role-name for the protected
resource
Sorry. I left off some info:
Tomcat 5.0.25
Win2k
JDK1.4.2
/robert
-Original Message-
From: Robert Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, December 13, 2004 8:59 PM
To: [EMAIL PROTECTED]
Subject: [newbie] Container Managed Security - preventing direct access
to .jsp
14 matches
Mail list logo
