Re: calling actions directly

[Nathan Pitts]

I don't have experience with WebLogic (it's all opensource sw and no $$ 
around here), but I'll take your word for it.
-nathan

On Thursday, June 5, 2003, at 10:08 AM, Karr, David wrote:

Unfortunately, not all web containers will support this.  There was
apparent disagreement on the interpretation of the specification in 
this
area.  In particular, WebLogic does not support this.  I believe,
however, that in version 8.1 it's possible to do this, although I
believe you have to set some non-standard configuration flag.  I don't
know the details.

The alternative is to put all JSP pages into a security constraint on a
role that no user is set to.
-----Original Message-----
From: Nathan Pitts [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2003 8:02 AM
To: Struts Users Mailing List
Subject: Re: calling actions directly
Brian,

If you put all your jsp's inside a the WEB-INF directory, they will
not
be accessible directly -- only through an action.  I think this is
part
of the jsp specification that nothing can be directly served out of
this special directory..Otherwise, a user could pull up configuration
files that reside there -- web.xml for example.....For example, I have
a directory structure containing jsp's under WEB-INF/jsp in my current
web application....Hope this helps!
--nathan
On Thursday, June 5, 2003, at 09:47 AM, Brian McSweeney wrote:

Ah yes,

Perhaps what you're thinking of is that JSP files should not be
called
directly or bookmarked. They should be hidden from the user
completely,
and
only accessible through an action.
that was it - sorry - stupid of me.
Could you tell me how to secure the jsps so that they are only a
result of
the action?
cheers,
Brian
----- Original Message -----
From: "Kruse, Matt" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, June 05, 2003 3:12 PM
Subject: RE: calling actions directly

I read that one of the things about struts is the actions are
only able to be called from the pages directly. Ie, you
shouldn't be able to bookmark the actions themselves like:
http://myhost/myaction.do
Where did you hear this? That's totally not true - any action can
be
called
directly as long as it has a mapping. It's just a URL. Otherwise,
how
would
you enter the first action? :)

Perhaps what you're thinking of is that JSP files should not be
called
directly or bookmarked. They should be hidden from the user
completely,
and
only accessible through an action.

Matt Kruse





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



=============================
Nathan Pitts
Programmer Analyst
Texas Animal Health Commission
=============================
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



=============================
Nathan Pitts
Programmer Analyst
Texas Animal Health Commission
=============================
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]