Erik
Januski, Ken wrote:
Yesterday I noticed that an application that has been running successfully
for about a year has a problem I've never noticed before. It's set up so
that all access to web-app is through a login method that calls a login.jsp
page from a controller servlet. So all requests to jsp pages get redirected
to the login page. But yesterday I noticed that if I included .jsp in the
address the controller servlet and the login.jsp are completely bypassed and
access is given to the jsp page.
I've also recently changed the login method to use JCIFS and authenticate
against NT domain controller rather than a mySQL database and I suppose it's
possible that the problem is actually there. In investigating this though
I've read that .jsp pages are public, which indicates to me that they CAN be
accessed directly. Can anyone tell me if this is true. In other words is
mapping .jsp to a servlet fruitless? If not then I guess I can conclude that
it's the login method that is failing not the mapping. I've included this in
my web.xml to force redirection of all .jsp page to the servlet but it seems
to have no effect.
The relevant portion of web.xml, mapped to servlet named 'sysadmin' further
up in web.xml.
<servlet-mapping>
<servlet-name>
sysadmin
</servlet-name>
<url-pattern>
.*jsp
</url-pattern>
</servlet-mapping>
Thanks for any info,
Ken
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
