That's what I was afraid of. If I move them outside of WEB-INF and change my references, everything works correctly. WL 6.1 doesn't even implement the final 2.3 Servlet spec, I'll need to go to 7 or 8 for real 1.3 J2EE compliance. I had to code two additional methods in my Filter so that WebLogic would handled it. Thanks for the security constraint tip.
-----Original Message----- From: Karr, David [mailto:[EMAIL PROTECTED] Sent: Monday, September 29, 2003 15:51 To: Struts Users Mailing List Subject: RE: How-to hide JSPs in WEB-INF (OT?) > -----Original Message----- > From: Fenderbosch, Eric [mailto:[EMAIL PROTECTED] > > Is there a how-to on hiding JSPs in WEB-INF? I keep getting > 404 errors after moving them there. I google'd the problem, > but didn't really find a how-to, but did find a couple posts > that say this might be impossible with WebLogic 6.1. Can > anyone confirm or deny that? This is one of those aspects that BEA interpreted a little differently than other vendors. The spec says (paraphrased) that you can't serve content from the WEB-INF directory. BEA took that to mean even "forward" references, but most other vendors allow that. The other strategy for protecting direct access to JSP urls, is adding a security constraint for all JSP pages, for the role "nobody". That will allow you to prevent direct URL references to JSP pages, but still allow forwards to them. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
