So you can use either:
    <url-pattern>*.jsp</url-pattern>
or
    <url-pattern>/foo/bar/*</url-pattern>
or
    <url-pattern>/foo/bar/pre_*</url-pattern>
where you rename all your files which need to be protected to a prefix like pre_foo.jsp.
OR you can use Apache and use a Location regular expression and ignore the Tomcat config issues.
OR - (THE BEST WAY) - Move your JSPs under WEB-INF - then they are accessible only via a RequestDispatcher.forward() or include (which includes jsp:forward and jsp:include)
-Tim
Tim Davidson wrote:
Thanks. I googled for examples using security-constraint but with not much luck (just many people asking how to do it), and I've tried a few things but I'm not having much luck. Something like:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>foo</web-resource-name>
    <description>prevent access to jsp's under bar directory in foo webapp</description>
    <url-pattern>/foo/bar/*.jsp</url-pattern>
  </web-resource-collection>
</security-constraint>
can you help?
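An added example, not part of the original thread: a web.xml fragment showing the constraint as posted beside a deny-all form. It assumes the JSPs sit under /bar inside a webapp deployed at the context path /foo; the resource name direct-jsp-access is made up for illustration.

```xml
<!-- Added example (not from the thread). Assumption: webapp "foo" is
     deployed at /foo and the JSPs to protect live in its /bar directory. -->

<!-- As posted. Two reasons it protects nothing:
     1. There is no <auth-constraint>, so the container places no access
        restriction on the matched resources.
     2. Servlet url-patterns are only exact paths, path prefixes ending in
        "/*", extensions starting with "*.", or "/". A pattern such as
        /foo/bar/*.jsp is therefore matched as a literal path. Patterns are
        also relative to the context root, so the /foo prefix does not
        belong in a pattern inside the foo webapp. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>foo</web-resource-name>
    <url-pattern>/foo/bar/*.jsp</url-pattern>
  </web-resource-collection>
</security-constraint>

<!-- Deny-all form. An <auth-constraint> that names no roles tells the
     container to refuse every direct client request that matches.
     /bar/* covers everything under /bar, not only JSPs; the pattern
     syntax cannot express "only *.jsp under /bar" in a single entry.
     Use <url-pattern>*.jsp</url-pattern> instead to cover every JSP in
     the webapp. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>direct-jsp-access</web-resource-name>
    <description>Block direct requests to resources under /bar</description>
    <url-pattern>/bar/*</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>
```

Security constraints apply to requests arriving from clients, not to RequestDispatcher.forward() or include() calls made inside the application, so pages reached through a controller servlet keep working. A quick check after deploying is to request one of the JSPs directly and confirm the container answers 403.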
