Right, I'm running Websphere and we couldn't get it to work. However, I just upgraded to version 5. Does anyone know if changes in v5 allow the web-inf trick to work?
Keith Kamholz Programming and Architecture Moog Inc. Phone: (716) 687-7001 -----Original Message----- From: Karr, David [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 11:09 AM To: Struts Users Mailing List Subject: RE: calling actions directly Unfortunately, not all web containers will support this. There was apparent disagreement on the interpretation of the specification in this area. In particular, WebLogic does not support this. I believe, however, that in version 8.1 it's possible to do this, although I believe you have to set some non-standard configuration flag. I don't know the details. The alternative is to put all JSP pages into a security constraint on a role that no user is set to. > -----Original Message----- > From: Nathan Pitts [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 05, 2003 8:02 AM > To: Struts Users Mailing List > Subject: Re: calling actions directly > > Brian, > > If you put all your jsp's inside a the WEB-INF directory, they will not > be accessible directly -- only through an action. I think this is part > of the jsp specification that nothing can be directly served out of > this special directory..Otherwise, a user could pull up configuration > files that reside there -- web.xml for example.....For example, I have > a directory structure containing jsp's under WEB-INF/jsp in my current > web application....Hope this helps! > --nathan > > > On Thursday, June 5, 2003, at 09:47 AM, Brian McSweeney wrote: > > > Ah yes, > > > >> Perhaps what you're thinking of is that JSP files should not be called > >> directly or bookmarked. They should be hidden from the user > >> completely, > > and > >> only accessible through an action. > > > > that was it - sorry - stupid of me. > > Could you tell me how to secure the jsps so that they are only a > > result of > > the action? > > cheers, > > Brian > > > > > > ----- Original Message ----- > > From: "Kruse, Matt" <[EMAIL PROTECTED]> > > To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > > Sent: Thursday, June 05, 2003 3:12 PM > > Subject: RE: calling actions directly > > > > > >>> I read that one of the things about struts is the actions are > >>> only able to be called from the pages directly. Ie, you > >>> shouldn't be able to bookmark the actions themselves like: > >>> http://myhost/myaction.do > >> > >> Where did you hear this? That's totally not true - any action can be > > called > >> directly as long as it has a mapping. It's just a URL. Otherwise, how > > would > >> you enter the first action? :) > >> > >> Perhaps what you're thinking of is that JSP files should not be called > >> directly or bookmarked. They should be hidden from the user > >> completely, > > and > >> only accessible through an action. > >> > >> Matt Kruse > >> > >> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > ============================= > Nathan Pitts > Programmer Analyst > Texas Animal Health Commission > ============================= > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
