> -----Original Message----- > From: Fenderbosch, Eric [mailto:[EMAIL PROTECTED] > > Is there a how-to on hiding JSPs in WEB-INF? I keep getting > 404 errors after moving them there. I google'd the problem, > but didn't really find a how-to, but did find a couple posts > that say this might be impossible with WebLogic 6.1. Can > anyone confirm or deny that?
This is one of those aspects that BEA interpreted a little differently than other vendors. The spec says (paraphrased) that you can't serve content from the WEB-INF directory. BEA took that to mean even "forward" references, but most other vendors allow that. The other strategy for protecting direct access to JSP urls, is adding a security constraint for all JSP pages, for the role "nobody". That will allow you to prevent direct URL references to JSP pages, but still allow forwards to them. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
