Ben,
I'm using exactly the same architecture and have Apache up front, so
I'm planning to put my jsps in a sub-dir JSP of their own and then use
<Location "/JSP/">
AllowOverride none
deny from all
</Location>
in my Apache Virtual Host definition
. . . but I have not got that far yet, so can't say that it works.
Haven't seen a tomcat-only way of doing this.
Chris Haynes
Evesham
England
----- Original Message -----
From: "Ben Flaumenhaft" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 28, 2001 12:28 AM
Subject: Hiding a jsp file from public access?
> Folks,
>
> Is there anything in Tomcat or in the .war file specification to
deny
> non-forwarded access to a JSP? Where's the appropriate place to do
this?
>
> I'm using the MVC, or so-called model 2 approach, where a servlet
prepares
> and then forwards to a JSP. Users should NOT be able to ask for the
JSP,
> only the servlet (because the servlet needs to prepare context,
check
> security, etc.). What's the correct way?
>
> Thanks,
> Ben Flaumenhaft
> Principal, Sidelight Consulting
> http://www.sidelight.com
>
>
>
> --------------------------------------------------------------------
-
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
