sob., 5 wrz 2020 o 19:44 Zahid Rahman <zahidr1...@gmail.com> napisał(a): > > Hi, > > Can I apply these same security features in struts2 which were applied in > struts1 > now that the use of web.xml TAGS is discouraged in favour of annotations. > > > *example deployment descriptor * > *$CATALINA_HOME/webapps/examples/WEB-INF/web.xml* > > <security-constraint> > <display-name> example Security Constraint <display-name> > <web-resource-collection> > <web-resource-name> Protected Web Area </web-resource-name> > <!-- define the context relative URL (s) to be protected --> > <url-pattern>/jsp/security/protected/*</url-pattern> > <!-- if you list http methods, only those methods are protected -->. > <http-method>DELETE</http-method> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <!-- Anyone with one of the listed roles may access this area -->
Yes, you can and this is a good practice https://struts.apache.org/security/#never-expose-jsp-files-directly Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
