Your technique is powerful but the problem is that it even prevented
index.jsp from display as well.  Is there ways to work around?



-----Original Message-----
From: David Graham [mailto:[EMAIL PROTECTED]] 
Sent: Monday, January 13, 2003 9:54 AM
To: [EMAIL PROTECTED]
Subject: Re: Controlling Direct Access to jsp pages

Put this security info at the bottom of your web.xml to prevent access to 
any *.jsp file:

<security-constraint>
                <web-resource-collection>
                        <web-resource-name>SecureAllJSPs</web-resource-name>
                        <url-pattern>*.jsp</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>nobody</role-name>
                </auth-constraint>
        </security-constraint>

        <security-role>
                <description>No one should be put in this
role.</description>
                <role-name>nobody</role-name>
    </security-role>


David






>From: "Colquhoun, Adrian" <[EMAIL PROTECTED]>
>Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
>Subject: Controlling Direct Access to jsp pages
>Date: Mon, 13 Jan 2003 15:40:45 -0000
>
>
>Hi
>
>If I have three pages in my view layer that must be called in sequence e.g.
>
>  - step1.jsp then
>  - step2.jsp then
>  - step3.jsp
>
>  How do I ensure that my users do not call step2 and step3 directly via a
>web browser.  Do I need to use a custom tag in pages 2 and 3 to check this
>or is there some way to force all requests for .jsp pages in my application
>to route via the ActionServlet
>
>Thanks
>
>Adrian
>
>
>=======================================================================
>Information in this email and any attachments are confidential, and may
>not be copied or used by anyone other than the addressee, nor disclosed
>to any third party without our permission.  There is no intention to
>create any legally binding contract or other commitment through the use
>of this email.
>
>Experian Limited (registration number 653331).
>Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF
>
>--
>To unsubscribe, e-mail:   
><mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: 
><mailto:[EMAIL PROTECTED]>


_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE* 
http://join.msn.com/?page=features/virus


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


_________________________________________________________________________
Introducing the all new and improved continental.com.  With a totally new 
personalized design, it's the best place to go. Before you go.

Continental Airlines. Work Hard. Fly Right.

http://www.continental.com


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to