test.html
=======================
<html>
<a href="test.jsp">test.jsp</a>
</html>
test.jsp
=======================
<%=request.getHeader("REFERER")%>
On Wed, 2004-11-10 at 08:17, Paul Taylor wrote:
> please how do I do that ?
> Ben Souther wrote:
>
> >You could check the referrer header to make sure that the request came
> >from start.jsp
> >
> >
> >
> >On Wed, 2004-11-10 at 07:57, Paul Taylor wrote:
> >
> >
> >>Point taken regarding images.
> >>
> >>But is this the only way to protect jsp ?
> >>I have a directory structure as follows
> >>/jsp/feedback/start.jsp
> >>/jsp/feedback/finish.jsp
> >>
> >>I want them to be able to bookmark start.jsp and access it either
> >>through the interface or directly from the url. but I dont want them to
> >>access
> >>finish.jsp directly because it doesnt make any sense as it is is only
> >>shown after processing start.jsp.
> >>
> >> From what your saying I would have to either do
> >>/WEB-INF/feedback/start.jsp
> >>/WEB-INF/feedback/finish.jsp
> >>which would mean they couldnt bookmark anything
> >>
> >>or do
> >>/jsp/feedback/start.jsp
> >>/WEB-INF/feedback/finish.jsp
> >>
> >>which screws up my links and stuff, meaning quite alot of rework and
> >>stuff over the whole site.
> >>
> >>On a similar note, some of my jsps calls a servlet. In my web.xml it is
> >>defined and url mapped as follows
> >> <servlet>
> >> <servlet-name>Controller</servlet-name>
> >> <servlet-class>com.myapp.Controller</servlet-class>
> >> <load-on-startup>0</load-on-startup>
> >> </servlet>
> >> <servlet-mapping>
> >> <servlet-name>Controller</servlet-name>
> >> <url-pattern>/controller</url-pattern>
> >> </servlet-mapping>
> >>
> >>My jsp would then call
> >><form name="feedbackform2" method="post"
> >>action="<%=request.getContextPath()%>/controller">
> >>to call the servlet
> >>
> >>the trouble is the user can type directly into the url
> >>localhost:8080/myapp/controller
> >>
> >>and call the servlet ot of context how do I stop that ?
> >>
> >>
> >>
> >>
> >>
> >>Tim Funk wrote:
> >>
> >>
> >>
> >>>You can't prevent images from being taken.
> >>>
> >>>As for JSP's. Move them to your WEB-INF directory. Then use a servlet
> >>>to validate the incoming parameters and then forward to the JSP.
> >>>
> >>>-Tim
> >>>
> >>>
> >>>Paul Taylor wrote:
> >>>
> >>>
> >>>
> >>>>Thanks works a treat
> >>>>
> >>>>Is there a similar way to prevent the user typing in the url of a
> >>>>partciuar jsp or image and stop them being taken it. Ive looked at
> >>>>security-constraints but this seems to be based on only
> >>>>certain/logged in users gaining access. I have no concept of logged
> >>>>users in my application but I only want them to access pages via the
> >>>>interface rather than the url except for a few pages which they can
> >>>>access via url to allow them to bookmark them.
> >>>>
> >>>>Shapira, Yoav wrote:
> >>>>
> >>>>
> >>>>
> >>>>>Hi,
> >>>>>Add a listings parameter to the DefaultServlet in conf/web.xml with a
> >>>>>param-value of false. IIRC.
> >>>>>
> >>>>>Yoav Shapira http://www.yoavshapira.com
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>---------------------------------------------------------------------
> >>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>>
> >>>
> >>>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >>
> >>
> >
> >
> >
> >
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
