Anyone know how to configure this in iPlanet Web Server 4.1+? Also, if anyone
knows how to do it in IIS, that would be good knowledge too!
Thanks,
Matt
--- Scott Wilson-Billing <[EMAIL PROTECTED]> wrote:
> I should have mentioned that the actual configuration goes in the web server
> conf (apache in the example I gave).
>
> Scott
> ----- Original Message -----
> From: "Scott Wilson-Billing" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, August 26, 2001 10:29 PM
> Subject: Re: Place all Java ServerPages below WEB-INF
>
>
> > NASApp is iPlanet's way of passing stuff from the web server to the web
> > container - it's used as a tag. Anything with NASApp in the URL is auto
> > forwared to the web container. Rules for denying access to stuff below
> > WEB-INF is normally configured in the web container. Maybe the iPlanet web
> > container needs configuring. Here's a Tomcat example:-
> >
> > #
> > # The following line prohibits users from directly accessing WEB-INF
> > #
> > <Location "/myApp/WEB-INF/">
> > AllowOverride None
> > deny from all
> > </Location>
> >
> > Scott Wilson-Billing
> >
> >
> > ----- Original Message -----
> > From: "Ted Husted" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Sunday, August 26, 2001 7:49 PM
> > Subject: Re: Place all Java ServerPages below WEB-INF
> >
> >
> > > That directory structure doesn't look quite right to me. Usually, the
> > > URL would be
> > >
> > > http://localhost/myApp/WEB-INF/pages/pageName.jsp
> > > [can't get there from here ;-)]
> > >
> > > where there may have been a myApp.war that deployed the application.
> > >
> > > -T.
> > >
> > > Matt Raible wrote:
> > > >
> > > > In Ted Husted's Catalog at http://husted.com/about/struts/catalog.htm,
> > he
> > > > states the following:
> > > >
> > > > Place all Java ServerPages below WEB-INF
> > > > The container provides security for all files below WEB-INF. This
> > applies to
> > > > client requests, but not forwards from the ActionServlet. Placing all
> > JSPs
> > > > below WEB-INF ensure that they are only accessed through Actions, and
> > not
> > > > directly by the client or each other. This allows security to be moved
> > up into
> > > > the Controller, where it can be handled more efficiently, and out of
> the
> > base
> > > > presentation layer.
> > > >
> > > > I have done this and put all my pages at WEB-INF/pages. However, I
> can
> > still
> > > > get to them by typing
> > http://localhost/NASApp/myApp/WEB-INF/pages/pageName.jsp
> > > > - so I don't see how "security is provided." Maybe it's an iPlanet
> > thing, but
> > > > here is my directory structure:
> > > >
> > > > APPS
> > > > - app
> > > > - wardir
> > > > - WEB-INF
> > > > - pages
> > > > - eardir
> > > >
> > > > Thanks,
> > > >
> > > > Matt
> > >
> >
> >
>
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
