> From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
> Subject: WEB-INF

> I've read that you can secure direct access to a JSP
> by placing it in the WEB-INF directory.

That's an appropriate thing to do, not just for JSPs.

> I know you can also secure direct access to a JSP by
> creating a security constraint using URL patterns and
> assigning role names that do not exist.

Somewhat of an abuse of the authorization mechanism, but I suppose it works. Might be confusing for the next person to pick up the project.

> I've also "heard" that when you secure a URL using
> a security constraint, that you are not securing the
> "resource".

Someone's confused.

> Is there a difference between securing the URL and
> securing the "resource"?

Quick quiz: what does the acronym "URL" stand for?

 - Chuck
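The security-constraint approach discussed in this thread, written out as a web.xml fragment. This is an added example, not configuration posted by either participant; the /internal/* URL pattern, the resource names and the role name no-such-role are constructed for illustration. It shows the nonexistent-role variant from the question beside an empty auth-constraint, which the Servlet specification defines as "no access under any circumstances" and which does not rely on a made-up role.

```xml
<!-- Fragment: both elements go inside <web-app> in WEB-INF/web.xml.
     Use one variant or the other, not both, for the same URL pattern. -->

<!-- Variant from the question: require a role that no user is ever given.
     It blocks direct requests, but only as long as nobody later defines
     "no-such-role" (constructed name) in the realm or in a role mapping. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Internal JSPs (nonexistent role)</web-resource-name>
    <url-pattern>/internal/*</url-pattern>
    <!-- No <http-method> elements: the constraint covers every method. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>no-such-role</role-name>
  </auth-constraint>
</security-constraint>

<!-- Explicit form: an auth-constraint that names no roles denies all
     client requests matching the pattern, so the intent is readable
     from the descriptor itself. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Internal JSPs (deny all)</web-resource-name>
    <url-pattern>/internal/*</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>
```

Security constraints are evaluated on requests arriving from clients; a servlet that reaches the same JSP through a RequestDispatcher forward or include is not subject to them, which is the same behaviour you get for a JSP stored under WEB-INF.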