Re: How to prevent JSP files from being publicly directly accessible?

Lukasz Lenart Wed, 17 Feb 2010 23:42:19 -0800

2010/2/18 Cimballi <cimballi.cimba...@gmail.com>:
> The default pattern is to put all JSPs under WEB-INF and so you force
> the call to an action to access them.


As I know, it works only under Tomcat - it isn't standard. Better
solution is to use security constraint section in web.xml

<security-constraint>
  <display-name>Access to JSP files</display-name>
  <web-resource-name>JSP</web-resource-name>
  <web-resource-collection>
     <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>


Regards
-- 
Łukasz
http://www.lenart.org.pl/
Kapituła Javarsovia 2010
http://javarsovia.pl

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: How to prevent JSP files from being publicly directly accessible?

Reply via email to