----- Original Message -----
From: "Leo Donahue - PLANDEVX" <leodona...@mail.maricopa.gov>
To: "'Tomcat Users List'" <users@tomcat.apache.org>
Sent: Friday, September 10, 2010 10:13 AM
Subject: WEB-INF
I've read that you can secure direct access to a JSP by placing it in the
WEB-INF directory. I know you can also secure direct access to a JSP by
creating a security constraint using URL patterns and assigning role names
that do not exist.
I've also "heard" that when you secure a URL using a security constraint,
that you are not securing the "resource".
Most of the time I struggle with the semantics of the words people choose to
use when discussing certain points.
Is there a difference between securing the URL and securing the "resource"?
Leo Donahue
----------------------------------------------------------------
Leo, what do you mean "direct access to a JSP"? You get direct access to any
JSP if you specify the URL.
Michel
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
