all your *.jsp pages. The sessions will control the flow of
the application.
ex: <%@ include file="Secrity_stuff.jsp" %>
This is common in writing applications.
Robert Taylor wrote:
Thanks Hassan. I didn't realize that was added to the 2.4 spec.
Thanks for pointing that out.
Even so, it would be nice to know how to use CMS to achieve this.
Maybe a better way to form the question would be how do I use CMS to protect .jsp pages from direct access and return a user friendly page/message when a .jsp page is requested without going through the controller?
/robert
-----Original Message-----
From: Hassan Schroeder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 14, 2004 2:21 PM
To: Tomcat Users List
Subject: Re: [newbie] Container Managed Security - preventing direct access to .jsp
Robert Taylor wrote:
Please let me know if this question is just too obvious
and I'll gladly RTFM...
See below :-)
It just seems like a common idiom to provide a portable mechanism
for protecting direct access to .jsp so as to enforce access through
some controller. I have in the past placed .jsp files "behind" WEB-INF,
but I don't believe that is portable and would like to use CMS to achieve
this.
Given that the Java™ Servlet Specification Version 2.4, page 70 sez:
A special directory exists within the application hierarchy named WEB-INF. This directory contains all things related to the application that aren't in the document root of the application. The WEB-INF node is not part of the public document tree of the application. No file contained in the WEB-INF directory may be served directly to a client by the container.
I don't know how much more "portable" you want it to be :-)
HTH!
--
Hassan Schroeder ----------------------------- [EMAIL PROTECTED]
Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
dream. code.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--
Dwayne A. Ghant Application Developer Temple University 215.204.5555 [EMAIL PROTECTED]
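
Added example, not part of any message in this thread: a Servlet 2.4 `web.xml` showing the container-managed approach Robert asks about, where an empty `auth-constraint` denies client requests for `*.jsp` and an `error-page` entry returns a friendly page for the resulting 403. The controller class, the `*.do` mapping and `/denied.html` are hypothetical names chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <!-- Hypothetical front controller. It reaches the JSPs with
       RequestDispatcher.forward(); the spec's security model is not
       applied to forwards and includes, so the constraint below does
       not block the controller's own dispatches. -->
  <servlet>
    <servlet-name>controller</servlet-name>
    <servlet-class>com.example.FrontController</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>controller</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>

  <!-- Deny every client request whose URL ends in .jsp. An
       auth-constraint with no role-name authorizes no one, so the
       container answers 403 without prompting for a login. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>No direct JSP access</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <!-- no http-method elements: the constraint covers all methods -->
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>

  <!-- User-friendly response for the 403 above. A static page (assumed
       name) keeps the error page itself outside the *.jsp pattern. -->
  <error-page>
    <error-code>403</error-code>
    <location>/denied.html</location>
  </error-page>
</web-app>
```

This applies when the JSPs stay in the public document tree; JSPs placed under WEB-INF are already unreachable by direct request, as the spec text quoted in the thread states.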