Hello. I've searched the archives on this subject, but the nearest I've reached has been some posts about not serving static content. It's a bit of a surprise that no one has asked this before, so sorry if it is a recurrent question.
I want Tomcat (4) to execute JSPs as usual, but prevent it from running the files that are under a certain directory for security reasons. These files can be published by external people and are supposed to be static, but if some mischievous publisher posts a JSP and it is executed then there can be havoc. Apart from preventing the publishing of files with that extension, is there a possible configuration that can be set up? I've tried mapping requests to that dir to the default servlet in web.xml, but 404 errors are returned (why??), and some other wierd things like using an intermediate servlet that forwards to the default servlet through its named request dispatcher (the forward method does not seem to do anything when using the dault servlet, while any other seems to work) or setting up a separate context for that dir and forward requests to the context, which maps *.jsp to the default context (I'll skip the details), but I can't find the solution... What astonishes me more is that forwarding or mapping to the default servlet does not work, but anyway I must be doing something wrong... Thank you very much, Albert. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
