2013/6/29 john lee sh_thorn_b...@yahoo.com:
but, i try to access partxref {component(subset) } of parts, failed.
s:iterator id=part value=parts status=st
s:property value=pid/
s:property value=manufacture.manu_name/
I need to protect JSPs. Some options:
1. Put JSPs under WEB-INF and, optionally, use the conventions plugin.
2. Declare authorization constraints in web.xml.
3. Use some external tool, perhaps Spring Security.
4. Some other options.
Which is the best practice in Struts2?
Thanks.
Protecting JSP in what way?
Though putting them under WEB-INF is a good approach
But you need to provide more information about what kind of protection you want
to have
Sent from BlackBerry® on Airtel
-Original Message-
From: Antonio Sánchez juntandolin...@gmail.com
Date: Mon, 01 Jul
2013/7/1 Antonio Sánchez juntandolin...@gmail.com:
I need to protect JSPs. Some options:
1. Put JSPs under WEB-INF and, optionally, use the conventions plugin.
2. Declare authorization constraints in web.xml.
These two options are the best to avoid direct access to JSPs - not
all containers
What we've done is to create a filter (implement javax.servlet.Filter and
define it in web.xml )
and if the resource uri ends with .jsp we return an http 403 error.
Antonios
On 1 July 2013 09:38, Lukasz Lenart lukaszlen...@apache.org wrote:
2013/7/1 Antonio Sánchez juntandolin...@gmail.com:
What do you mean with 'fake' auth. constraints?
El Lunes, 1 de julio de 2013 10:38:56 Lukasz Lenart escribió:
2013/7/1 Antonio Sánchez juntandolin...@gmail.com:
I need to protect JSPs. Some options:
1. Put JSPs under WEB-INF and, optionally, use the conventions plugin.
2. Declare
I mean denying access to JSPs by URL or some other means. Make JSPs private
content.
El Lunes, 1 de julio de 2013 08:28:10 umeshawas...@gmail.com escribió:
Protecting JSP in what way?
Though putting them under WEB-INF is a good approach
But you need to provide more information about what
Filtering sounds good as well.
Security seems to be a separate concern to struts because it must be mostly
performed from the outside: web.xml, filtering, maybe Spring Security or other
tools,
etc...
Anyway I have missed some guidance in the documentation: feature request?
Also, I guess that
2013/7/1 Antonio Sánchez juntandolin...@gmail.com:
What do you mean with 'fake' auth. constraints?
security-constraint
display-nameNo access/display-name
web-resource-nameJSP/web-resource-name
web-resource-collection
url-pattern*.jsp/url-pattern
/web-resource-collection
Oh!, ok, thanks!
El Lunes, 1 de julio de 2013 11:05:01 Lukasz Lenart escribió:
2013/7/1 Antonio Sánchez juntandolin...@gmail.com:
What do you mean with 'fake' auth. constraints?
security-constraint
display-nameNo access/display-name
web-resource-nameJSP/web-resource-name
3 ways:
Basic authentication (implementing auth-constraint's mentioned by Lukasz)
Form based method implementing users(via principals) to grant access to web
resources(via roles)
Certificates which implement Name based authenticators (ADS or LDAP) with keys
to communicate via SSL
to HTTPS
I recently posted a question here regarding using tags that refer to a List
or an array structure in the action class, such as is depicted below.
I was told that I should be using indexed tags. Googling for that
specific phrase is not providing me with what that is and no joy in finding
it in the
have a look at that
http://commons.apache.org/proper/commons-ognl/language-guide.html
Antonios
On 1 July 2013 13:17, Eric Lentz ericle...@outfastsource.com wrote:
I recently posted a question here regarding using tags that refer to a List
or an array structure in the action class, such as is
I didn't say there *were* any, I said that's the solution to an
incorrectly-perceived problem with OGNL. S2 doesn't currently have strong
support for automatic list inputs or validation.
Dave
On Jul 1, 2013 8:18 AM, Eric Lentz ericle...@outfastsource.com wrote:
I recently posted a question
14 matches
Mail list logo