This was to make things easier (I don't have this kind of trouble since I'm used to JAAS/role protect my jsp files...).
Vince -----Original Message----- From: Julio Cesar C Neto [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 2:24 PM To: 'Struts Users Mailing List'; [EMAIL PROTECTED] Subject: RES: Problem: Struts+Modules+jsps under WEB-INF Hi, If I use this way, app/img/ app/css/ app/WEB-INF/lib app/WEB-INF/classes app/common/ app/common/mainScreen.jsp app/test.jsp How can I protect my JSP from being accessed directly? Julio Cesar -----Mensagem original----- De: edgar [mailto:[EMAIL PROTECTED]] Enviada em: terça-feira, 3 de dezembro de 2002 10:24 Para: 'Struts Users Mailing List' Assunto: RE: Problem: Struts+Modules+jsps under WEB-INF If you make common invisible to the web, i.e. http://<yourdomain>/common/<yourjsp>.jsp is invalid then I agree. Otherwise you are risking shortcuts bypassing the action classes. If you have jsp's that are directly executable by all means put them in a public space. Edgar -----Original Message----- From: Vincent PROSPER [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 8:06 AM To: 'Struts Users Mailing List'; 'Maciej Kołodziej' Subject: RE: Problem: Struts+Modules+jsps under WEB-INF To my understanding: 1. Put something like <action forward="/mainScreen.jsp"... (if I were you, I wouldn't put any jsp file under WEB-INF, only TLD, XML and external JARs. common is automatically added as the subapp prefix by the subapp controller handling your stuts-config-common.xml, and jsp has nothing to do with your issue here since you put it in "app/WEB-INF/common/mainScreen.jsp" which contains no 'jsp' directory). 2. you're right, your module name is used as a prefix (this is the way subapps work, no way to change this to my knowledge) 3. when putting your test.do directly in your struts-config.xml, you're not in any subapp, so the corresponding struts action behaves as usual. I guess you should have something like: app/img/ app/css/ app/WEB-INF/lib app/WEB-INF/classes app/common/ app/common/mainScreen.jsp app/test.jsp Hope this helps. Vince -----Original Message----- From: Maciej Kołodziej [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 1:44 PM To: struts-user Subject: Problem: Struts+Modules+jsps under WEB-INF Hi, I started developing an application with Jakarta Struts 1.1. I decided to build it using multiple modules (sub-apps) and also hide all jsps under WEB-INF. Thus my application structure looks like this: app/img/ app/css/ app/WEB-INF/ app/WEB-INF/classes/ app/WEB-INF/lib/ app/WEB-INF/jsp/ app/WEB-INF/common/ app/WEB-INF/common/mainScreen.jsp ... Now I create an action in stuts-config-common.xml and define it like this: <action forward="/WEB-INF/jsp/common/mainScreen.jsp" path="/test" scope="request" unknown="false" validate="false"/> When I want to fire this action I have to type for ex.: http://localhost:8080/app/common/main.do But then I get a message: type Status report message /common/WEB-INF/jsp/common/mainScreen.jsp ^^^^^^^^ description The requested resource (/common/WEB-INF/jsp/common/mainScreen.jsp) is not available. So the module name is used as context(?) and inserted also before WEB-INF. Why? I don't need this. The module name should be put after jsp, as it is, but not before WEB-INF! If I create another action test.do and put in in default module (not common) this doesn't happen. Supposedly because context then is / not /common. How do I solve this? -- MK -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.422 / Virus Database: 237 - Release Date: 20/11/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.422 / Virus Database: 237 - Release Date: 20/11/2002 -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>