Erik, Thanks. Sorry I haven't been clearer. The servlet does use request.include. I just added a try/catch to it and noticed that it fails when trying to include the file that I've put in WEB-INF. The error is "javax.servlet.ServletException: queries.jsp".
I would like to get a few things clear before I pursue filters, which I haven't used before. Is it true that any jsp file put in root directory will be accessible to anyone by just putting the url to it in browser? And if so do you or anyone else know if moving it to a protected folder should solve it. I know that's your theory. If it's correct then for now I'll pursue getting that to work. If not then I guess I'll need to take a closer look at filters. Thanks again, Ken -----Original Message----- From: Erik Price [mailto:[EMAIL PROTECTED]] Sent: Friday, February 21, 2003 11:51 AM To: Tomcat Users List Subject: Re: Mapping .jsp to controller servlet Januski, Ken wrote: > Hmm. I got a 404 error after moving one jsp file to WEB-INF and trying to > directly access it. That's not great but at least it prevents access. Worse > though is that when I then try to go to page after having logged in I get a > "root cause: file not found error". So it looks to me like you can't move > your .jsp files out of the root web-app directory. Can anyone shed any more > light on this? Oh, I didn't realize you were still trying to directly access the JSPs after login. I made the assumption that you were only using the "forward" method of RequestDispatcher to forward to those JSPs from your servlets. If you need to allow those JSPs to be directly accessed via HTTP requests, my solution won't work. Perhaps you can move them to a subfolder (not WEB-INF) and map a filter to it which only calls doFilterChain() if the user has a valid session and is "logged in"? If the subfolder was called "/protected", you could use the URL pattern "/protected/*" as your filter mapping. Erik --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
