DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16603>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16603 <controller> forwardPattern should support different module roots. [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Normal |Enhancement Priority|High |Medium Summary|internalModuleRelativeForwar|<controller> forwardPattern |d() does'nt treat module- |should support different |relative paths as defined by|module roots. |forwardPattern. | ------- Additional Comments From [EMAIL PROTECTED] 2003-02-05 17:07 ------- The real problem here is that the forwardPattern attribute of the <controller> struts-config element doesn't support arbitrary path names. It only supports prepending the module name to the path (signified by the $M). So, this becomes an enhancement request to allow forwardPattern to accept special tokens like $M *and* path names. This would allow the forwardPattern to look like this "/WEB-INF/my_modules/$M$P". Note that placing JSPs under WEB-INF is *not* portable across containers. A better solution is to define this security constraint in web.xml: <security-constraint> <web-resource-collection> <web-resource-name>SecureAllJSPs</web-resource-name> <url-pattern>*.jsp</url-pattern> </web-resource-collection> <auth-constraint> <description> Protects all JSP files from direct access. Clients must go through the controller servlet. </description> <role-name>nobody</role-name> </auth-constraint> </security-constraint> <security-role> <description>No one should be put in this role.</description> <role-name>nobody</role-name> </security-role> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
