But in that case the css, images, js is compromised rite? What if I want all to be secured?
Regards, --------------------------------------------------------- Girish Naik Mobile:-+91-09740091638 girish.n...@gmail.com Fran Lebowitz<http://www.brainyquote.com/quotes/authors/f/fran_lebowitz.html> - "Life is something to do when you can't get to sleep." On Fri, Jun 19, 2009 at 7:15 PM, Greg Lindholm <greg.lindh...@gmail.com>wrote: > > I tried putting the below string in web.xml, but all my css, js from > the > > application got blocked. But pages are coming. Is something missing or > some > > extra thing to be done? > > > > <security-constraint> > > <display-name>Prevent access to raw pages.</display-name> > > <web-resource-collection> > > <web-resource-name>Raw Pages</web-resource-name> > > <url-pattern>/struts/*</url-pattern> > > </web-resource-collection> > > <auth-constraint> > > <description>No roles, so no direct access</description> > > </auth-constraint> > > </security-constraint> > > > > > > > > Regards, > > --------------------------------------------------------- > > Girish Naik > > > > The way this security constraint works is it prevents direct access to the > area defined > by the <url-pattern>/struts/*</url-pattern> elements (you can have > multiple). In this case > we put our jsp files under /struts/ folder. > > You can name the folder whatever you like but only put jsp files in it. > You > need to put > your css and js file someplace else. > > Our typical layout for webroot is: > / > css/ > images/ > js/ > struts/ > WEB-INF/ >
