I tried this within my WSAD 4.0.3 test environment, it doesn't work, no any effect to any jsp files.
I don't know if I need to configure my WSAD but I thought this is a normal J2EE standard, which is not true in WSAD. David ----- Original Message ----- From: "Pingili, Madhupal" <[EMAIL PROTECTED]> Date: Thursday, June 19, 2003 1:55 pm Subject: RE: block direct access to JSP files > Hi, > I found a thread related to this: subject: Protecting JSPs using > security-constraint > Basically, the solution suggested was: > <security-constraint> > <web-resource-collection> > <web-resource-name>SecureAllJSPs</web-resource- name> > <url-pattern>*.jsp</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>nobody</role-name> > > </security-constraint> > > <security-role> > <role-name>nobody</role-name> > </security-role> > > or <security-role> > <role-name>*</role-name> > </security-role> > > Thanks to David Graham and Mick Knutson > > Regards, > Reddy > > > > -----Original Message----- > > From: Emmanuel Feller [SMTP:[EMAIL PROTECTED] > > Sent: Thursday, June 19, 2003 1:43 PM > > To: Struts Users Mailing List; [EMAIL PROTECTED] > > Subject: Re: block direct access to JSP files > > > > Hi, > > > > You may put all your jsp under the WEB-INF directory, so > > they are not available for user. But the application still > > work, because all navigation is done by the struts > > controler. It is simple and work fine with all app server. > > > > You must change your struts-config.xml to reflect the > > changes of target for all your forward. It should be done by > > find/replace ... > > > > Regards, > > Emmanuel > > ----- Message d'origine ----- > > De : "Takfung Chan" <[EMAIL PROTECTED]> > > ä : "Struts Users Mailing List" > > <[EMAIL PROTECTED]> > > Envoyé : jeudi 19 juin 2003 18:10 > > Objet : block direct access to JSP files > > > > > > > Hi, > > > I have a Struts based application and would like to block > > all direct > > > access to JSP files by user, so if a user typing a URL > > point to a JSP > > > file directly, it will fail. I did a change to web.xml but > > not working > > > on Websphere 4.0.3 (I should post to websphere news group > > but I hope > > > some one here already did the same thing) > > > here is my web.xml config relate to this web resource > > protection, It > > > works fine on tomcat, but never in Websphere, any idea? > > > > > > <security-constraint> > > > <web-resource-collection> > > > <web-resource-name>blockJSPDirectAccess</web-resource- > > > name> > > > <description>to block JSP direct access</description> > > > <url-pattern>*.jsp</url-pattern> > > > </web-resource-collection> > > > <auth-constraint> > > > <description></description> > > > <role-name></role-name> > > > > > > </security-constraint> > > > > > > > > > > > > > > > ---------------------------------------------------------- > > ----------- > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > > > ----------------------------------------------------------------- > ---- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
