Hi,

I found a thread related to this:

Subject: Protecting JSPs using security-constraint

Basically, the solution suggested was:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>SecureAllJSPs</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>nobody</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>nobody</role-name>
</security-role>

or

<security-role>
  <role-name>*</role-name>
</security-role>

Thanks to David Graham and Mick Knutson

Regards,
Reddy

> -----Original Message-----
> From: Emmanuel Feller [SMTP:[EMAIL PROTECTED]
> Sent: Thursday, June 19, 2003 1:43 PM
> To: Struts Users Mailing List; [EMAIL PROTECTED]
> Subject: Re: block direct access to JSP files
>
> Hi,
>
> You may put all your JSPs under the WEB-INF directory, so they are not
> available to the user. But the application still works, because all
> navigation is done by the Struts controller. It is simple and works
> fine with all app servers.
>
> You must change your struts-config.xml to reflect the changes of
> target for all your forwards. It should be done by find/replace ...
>
> Regards,
> Emmanuel
> ----- Original Message -----
> From: "Takfung Chan" <[EMAIL PROTECTED]>
> To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
> Sent: Thursday, June 19, 2003 18:10
> Subject: block direct access to JSP files
>
>
> > Hi,
> > I have a Struts-based application and would like to block all direct
> > access to JSP files by users, so if a user types a URL pointing to a
> > JSP file directly, it will fail. I made a change to web.xml but it is
> > not working on WebSphere 4.0.3 (I should post to the WebSphere
> > newsgroup, but I hope someone here already did the same thing).
> > Here is my web.xml config related to this web resource protection. It
> > works fine on Tomcat, but never in WebSphere. Any idea?
> >
> > <security-constraint>
> >   <web-resource-collection>
> >     <web-resource-name>blockJSPDirectAccess</web-resource-name>
> >     <description>to block JSP direct access</description>
> >     <url-pattern>*.jsp</url-pattern>
> >   </web-resource-collection>
> >   <auth-constraint>
> >     <description></description>
> >     <role-name></role-name>
> >   </auth-constraint>
> > </security-constraint>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
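An added example, not part of the thread or of Struts: a small audit that classifies each security-constraint covering *.jsp, separating the blank role-name from the original post, the placeholder role from the reply, and an auth-constraint that names no roles. The function names, verdict labels and the getOnlyDeny constraint are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def _kids(el, name):
    # Compare local names so namespaced and DTD-era descriptors both match.
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def _texts(el, name):
    return [(c.text or "").strip() for c in _kids(el, name)]

def audit_jsp_constraints(web_xml):
    """Return one verdict per security-constraint whose url-patterns include *.jsp."""
    findings = []
    for sc in _kids(ET.fromstring(web_xml), "security-constraint"):
        colls = [w for w in _kids(sc, "web-resource-collection")
                 if "*.jsp" in _texts(w, "url-pattern")]
        if not colls:
            continue
        auth = _kids(sc, "auth-constraint")
        roles = [r for a in auth for r in _texts(a, "role-name")]
        if not auth:
            verdict = "open"        # no auth-constraint: no authorization check
        elif not roles:
            verdict = "deny-all"    # servlet spec: naming no roles forbids all access
        elif "" in roles:
            verdict = "blank-role"  # container-dependent, as the original post found
        else:
            verdict = "role:" + ",".join(roles)  # denies only while no user holds it
        methods = [m for w in colls for m in _texts(w, "http-method")]
        if methods:
            verdict += " (only " + ",".join(methods) + ")"  # other methods uncovered
        findings.append(verdict)
    return findings

def _constraint(name, auth, extra=""):
    # Builds one constructed security-constraint element for the sample below.
    return ("<security-constraint><web-resource-collection>"
            f"<web-resource-name>{name}</web-resource-name>"
            f"<url-pattern>*.jsp</url-pattern>{extra}"
            f"</web-resource-collection>{auth}</security-constraint>")

# Constructed sample: the thread's two fragments plus a hypothetical third.
SAMPLE = "<web-app>" + "".join([
    _constraint("blockJSPDirectAccess", "<auth-constraint><role-name/></auth-constraint>"),
    _constraint("SecureAllJSPs", "<auth-constraint><role-name>nobody</role-name></auth-constraint>"),
    _constraint("getOnlyDeny", "<auth-constraint/>", "<http-method>GET</http-method>"),
]) + "</web-app>"

if __name__ == "__main__":
    print(audit_jsp_constraints(SAMPLE))
```

Security constraints are evaluated on client requests, not on RequestDispatcher forwards, which is why the Struts controller can still render JSPs that a deny-all constraint or the WEB-INF placement hides from direct URLs.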