RE: Security constraint not working

Thu, 14 Jul 2005 13:50:52 -0700 

Erik:

Doh!  I guess I did not copy the whole thing.

Thanks for the help.

        Neil


--
Neil Aggarwal, JAMM Consulting, (214) 986-3533, www.JAMMConsulting.com
FREE! Valuable info on how your business can reduce operating costs by
17% or more in 6 months or less! http://newsletter.JAMMConsulting.com

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, July 14, 2005 3:42 PM
> To: Struts Users Mailing List
> Subject: Re: Security constraint not working
> 
> 
> Shouldn't there be an authconstraint in there?
> 
> <auth-constraint/>, or something like that? Can't remember exactly.
> 
> Looks to me like you have defined the resource but not 
> declared who (in this case nobody) has access to it.
> 
> Erik
> 
> 
> -----Original Message-----
> From: Neil Aggarwal <[EMAIL PROTECTED]>
> Sent: Jul 14, 2005 3:48 PM
> To: 'Struts Users Mailing List' <user@struts.apache.org>
> Subject: Security constraint not working
> 
> Hello:
> 
> According to this page:
> http://www.javaworld.com/javaworld/jw-09-2004/jw-0913-struts.html
> 
> In order to prevent people of accessing jsp pages directly
> without using my struts controller, I added this to my web.xml:
> 
>   <!-- Do not allow users to load jsps directly -->
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>no_access</web-resource-name>
>       <url-pattern>*.jsp</url-pattern>
>     </web-resource-collection>
>   </security-constraint>
> 
> I added it and I can still load a page with the url
> to the jsp.  Here is an example:
> 
> http://dev.rentclubs.com/rentclubs/howWeStarted.jsp
> 
> Any ideas?
> 
> Thanks,
>       Neil
> 
> --
> Neil Aggarwal, JAMM Consulting, (214) 986-3533, www.JAMMConsulting.com
> FREE! Valuable info on how your business can reduce operating costs by
> 17% or more in 6 months or less! http://newsletter.JAMMConsulting.com
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to