Thanks a lot. I copied the jsps inside the WEB-INF and changed the path in the servlet accordingly.
N goel Tim Funk wrote: > The easiest way is to place your jsps inside of your WEB-INF directory. > > Otherwise - if you are using apache in front of tomcat there are > directives which can do that. > > Otherwise - You can create a security constraint which nobody has access > to. (Configured in web.xml) > > -Tim > > Nihita Goel wrote: > > I have an application where I have a single controller servet receiving > > requests and then calling the appropriate jsp pages. I have Java classes > > to be used by both the servlet and jsp's. These Java Bean clasees are > > for database interaction. I also need to maintain session. I am using > > these Java Beans with application scope. The general flow is: > > 1. The controller servlet receives the request. > > 2. Checks for the session state using session object.// Basically > > validates if the user is logged -in > > 3. Instantiate the bean class and get setter methods of java Beans to > > fetch data from database.// application scope. > > 4. If user is logged -in calls the appropriate JSP Page > > 5. The JSP Page display the information using the Bean. > > > > The problem is - it seems to be working fine if the user follows the > > normal flow. However if he directly goes and access the jsp page thru > > the url he is still able to get it. > > > > How do I configure TomCat to disallow access to the directory where I am > > keeping the jsp pages. > > > > I am using Tomcat 4.1.18. > > > > Any other idea ?? > > Regards > > N-Goel > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
