AW: How to prevent direct access to JSPs

Mon, 27 Nov 2006 06:06:46 -0800 

Hi Jan,

try this in your web.xml:


    <security-constraint>
      <display-name>
        Prevent access to raw JSP pages that are for JSF pages.
      </display-name>
      <web-resource-collection>
        <web-resource-name>Raw-JSF-JSP-Pages</web-resource-name>
        <!-- Add url-pattern for EACH raw JSP page -->
        <url-pattern>/login.jsp</url-pattern>
        <url-pattern>/myPage.jsp</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <description>No roles, so no direct access</description>
      </auth-constraint>
    </security-constraint>


Regards
Helmut

>
>Hello,
>
>I use myfaces with JSPs on Tomcat 5.5.17, the MyFaces extensionsFilter maps
>to *.jsf.
>How do I restrict the access to my *.jsp files?
>Now, when the user enters in the url:
>
>http://myserver.com/mywebapp/login.jsp
>
>Tomcat prints on the screen something like
>
>org.apache.jasper.JasperException: Exception in JSP: /login.jsp:16
>
>followed by the stacktrace. I don't want this internal information to be
>printed out.
>How can I prevent the access?
>
>Regards,
>Jan
>
>
>
>Extracts from my web.xml:
>
>
>
> <filter-mapping>
>  <filter-name>extensionsFilter</filter-name>
>  <url-pattern>*.jsf</url-pattern>
> </filter-mapping>
> <filter-mapping>
>  <filter-name>extensionsFilter</filter-name>
>  <url-pattern>/faces/*</url-pattern>
> </filter-mapping>
> <servlet>
>
>
>
> <filter>
>  <filter-name>extensionsFilter</filter-name>
> 
><filter-class>org.apache.myfaces.component.html.util.ExtensionsFilter</filter-c
>lass>
>  <init-param>
>   <description>Set the size limit for uploaded files. Format: 10 - 10 bytes
>10k - 10 KB
>        10m - 10 MB 1g - 1 GB</description>
>   <param-name>uploadMaxFileSize</param-name>
>   <param-value>100m</param-value>
>  </init-param>
>  <init-param>
>   <description>Set the threshold size - files below this limit are stored
>in memory,
>        files above this limit are stored on disk. Format: 10 - 10 bytes 10k
>-
>        10 KB 10m - 10 MB 1g - 1 GB</description>
>   <param-name>uploadThresholdSize</param-name>
>   <param-value>100k</param-value>
>  </init-param>
> </filter>
>-- 
>View this message in context: 
>http://www.nabble.com/How-to-prevent-direct-access-to-JSPs-tf2711803.html#a7560
>188
>Sent from the MyFaces - Users mailing list archive at Nabble.com.
>

Reply via email to