Thanks Hassan. I didn't realize that was added to the 2.4 spec. Thanks for pointing that out.
Even so, it would be nice to know how to use CMS to achieve this. Maybe a better way to form the question would be how do I use CMS to protect .jsp pages from direct access and return a user friendly page/message when a .jsp page is requested without going through the controller? /robert > -----Original Message----- > From: Hassan Schroeder [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 14, 2004 2:21 PM > To: Tomcat Users List > Subject: Re: [newbie] Container Managed Security - preventing direct > access to .jsp > > > Robert Taylor wrote: > > > Please let me know if this questions is just too obvious > > and I'll gladly RTFM... > > See below :-) > > > It just seems like a common idiom to provide a portable mechanism > > for protecting direct access to .jsp so as to enforce access through > > some controller. I have in the past placed .jsp files "behind" WEB-INF, > > but I don't believe that is portable and would like to use CMS to achieve > > this. > > Given that the Java" Servlet Specification Version 2.4, page 70 sez: > > A special directory exists within the application hierarchy > named WEB-INF. This directory contains all things related to > the application that aren't in the document root of the > application. The WEB-INF node is not part of the public > document tree of the application. No file contained in the > WEB-INF directory may be served directly to a client by the > container. > > I don't know how much more "portable" you want it to be :-) > > HTH! > -- > Hassan Schroeder ----------------------------- [EMAIL PROTECTED] > Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com > > dream. code. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]