Ah , so the scripts should only be accessible by browsers of logged in users? If your using Servlet API 2.3 , an alternative to Nicolas' suggestion would be to create a filter that inctercepts requests to the scripts and images and only allows through requests that are authenticated. (btw: If your supporting non-cookie enabled browsers in this scenario be sure to rewrite the urls for the images and scripts so that sessionId is encoded! (Not necessary if anyone can access the scripts without authentication))
-----Original Message----- From: Nicolas De Loof [mailto:[EMAIL PROTECTED] Sent: Thursday, 13 March 2003 20:26 To: Struts Users Mailing List; [EMAIL PROTECTED] Subject: Re: JSP's behind WEB-INF no access to img/scripts Sory, I didn't well understand what you're looking for. You can create a servlet that looks for authentified user's session, user pathInfo to find the name of a ressource, looks for it in WEB-INF, and put it's content as binary in the response. Add a mapping to this servlet like "/images/*" -> servlet When an authentified user looks for "/images/foo/bar.gif" your servlet will have to search for /foo/bar.gif in WEB-INF and send it's binary content as response (with correct content-type header) Nico. > Surely the idea would be to have the JSPs behind webinf , but leave the > images & scripts above it so they can be accessed? > > -----Original Message----- > From: Johan Wasserman [mailto:[EMAIL PROTECTED] > Sent: Thursday, 13 March 2003 20:03 > To: [EMAIL PROTECTED] > Subject: JSP's behind WEB-INF no access to img/scripts > > > Hi, I have my JSP's behind WEB-INF, is there a way of mapping other > directories behind WEB-INF so that the images and scripts included on my > JSP's can be accessed from there as well. It's OK having the JSP's > there to stop external forces from accessing them directly but now they > can still access my images and scripts directly. > > Regards, > Johan Wasserman > > > -------------------------------------------------------------------- - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
