Better way to do this is keep all your .jsp files in the WEB-INF
directory. Files in the WEB-INF directory are not directly accessible
from a URL.
Regards,
Raj
janw wrote:
Hello,
I use myfaces with JSPs on Tomcat 5.5.17, the MyFaces extensionsFilter maps
to *.jsf.
How do I restrict the access to my *.jsp files?
Now, when the user enters in the url:
http://myserver.com/mywebapp/login.jsp
Tomcat prints on the screen something like
org.apache.jasper.JasperException: Exception in JSP: /login.jsp:16
followed by the stacktrace. I don't want this internal information to be
printed out.
How can I prevent the access?
Regards,
Jan
Extracts from my web.xml:
<filter-mapping>
<filter-name>extensionsFilter</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>extensionsFilter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<servlet>
<filter>
<filter-name>extensionsFilter</filter-name>
<filter-class>org.apache.myfaces.component.html.util.ExtensionsFilter</filter-class>
<init-param>
<description>Set the size limit for uploaded files. Format: 10 - 10 bytes
10k - 10 KB
10m - 10 MB 1g - 1 GB</description>
<param-name>uploadMaxFileSize</param-name>
<param-value>100m</param-value>
</init-param>
<init-param>
<description>Set the threshold size - files below this limit are stored
in memory,
files above this limit are stored on disk. Format: 10 - 10 bytes 10k
-
10 KB 10m - 10 MB 1g - 1 GB</description>
<param-name>uploadThresholdSize</param-name>
<param-value>100k</param-value>
</init-param>
</filter>
