Maya Muchnik wrote:

> One way, as far as I know, is to put all JSPs, except index.jsp (or a similar start-up page),
> under a protected directory. For Tomcat the secure directory is set up in web.xml
> (see web.xml for webapps/example, directory is example/jsp/security/protected).
> See also the Tomcat instructions (I need to refresh my memory myself).
>

Using container-managed security in this way is indeed portable.

A second portable mechanism (assuming that your container works correctly per the
servlet spec) is to put your JSP pages under WEB-INF.  This works because the servlet
container is prohibited from allowing a client to access these JSP pages directly --
but it is entirely legal to do a RequestDispatcher.include() or
RequestDispatcher.forward() call to access them, as Struts does when you forward to
the appropriate page.

Craig
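
The WEB-INF approach described above, sketched as an added example (not part of the original message and not Struts code): a front-controller servlet that resolves a fixed allowlist of view names to JSPs under WEB-INF and makes the access decision before forwarding. The class name, URL mapping, JSP paths and the "member" role are assumptions.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical front controller, assumed to be mapped in web.xml to /app/*.
// The JSP paths and the "member" role are assumptions for this example.
public class ViewController extends HttpServlet {

    // Fixed allowlist: logical view name -> JSP stored under WEB-INF.
    // The client only supplies a key into this map, never a file path.
    private static final Map<String, String> VIEWS = Map.of(
        "/home",    "/WEB-INF/jsp/home.jsp",
        "/account", "/WEB-INF/jsp/account.jsp");

    // Views that require an authenticated user in the "member" role.
    private static final Set<String> RESTRICTED = Set.of("/account");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String view = req.getPathInfo();   // e.g. "/account"; null if absent
        String jsp = (view == null) ? null : VIEWS.get(view);
        if (jsp == null) {
            // Unknown view: never build a JSP path from request data.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // WEB-INF only blocks direct client requests; a forward bypasses that,
        // so the authorization check has to happen here, before dispatching.
        if (RESTRICTED.contains(view) && !req.isUserInRole("member")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        req.getRequestDispatcher(jsp).forward(req, resp);
    }
}
```

A direct request for /WEB-INF/jsp/account.jsp is refused by the container, while /app/account reaches the page only after the role check passes.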

