Thanks for clearing some doubts: a) web.xml is indispensable.
b) Some claims about JSPs on the Internet are untrue. c) my how to book Mastering Tomcat Development is still current. Regards Z. https://www.backbutton.co.uk/ ¯\_(ツ)_/¯ ♡۶♡۶ ♡۶ Years of commercial experience in designing , developing your own framework can save you Weeks of learning a framework. Weeks of coding can save you hours of planning. On Tue, 15 Sep 2020, 06:59 Lukasz Lenart, <lukaszlen...@apache.org> wrote: > sob., 5 wrz 2020 o 19:44 Zahid Rahman <zahidr1...@gmail.com> napisał(a): > > > > Hi, > > > > Can I apply these same security features in struts2 which were applied in > > struts1 > > now that the use of web.xml TAGS is discouraged in favour of > annotations. > > > > > > *example deployment descriptor * > > *$CATALINA_HOME/webapps/examples/WEB-INF/web.xml* > > > > <security-constraint> > > <display-name> example Security Constraint <display-name> > > <web-resource-collection> > > <web-resource-name> Protected Web Area </web-resource-name> > > <!-- define the context relative URL (s) to be protected --> > > <url-pattern>/jsp/security/protected/*</url-pattern> > > <!-- if you list http methods, only those methods are protected -->. > > <http-method>DELETE</http-method> > > <http-method>GET</http-method> > > <http-method>POST</http-method> > > <http-method>PUT</http-method> > > </web-resource-collection> > > <auth-constraint> > > <!-- Anyone with one of the listed roles may access this area --> > > Yes, you can and this is a good practice > https://struts.apache.org/security/#never-expose-jsp-files-directly > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >