You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Lee W <le...@unassemble.co.uk> on 2003/06/15 00:47:17 UTC
Stopping external access to jsp files
Hi Everyone,
After some good advise from members of this lists (thanks again) I have
started learning about servlets.
I have created a simple servlet that act as a controller in my webapp,
this is where all requests get sent to. However I have not been able to
find a way to stop users from getting to the .jsp files that the servlet
uses for the presentation element.
I know that I could use Tomcat along with Apache HTTP server to restrict
access to the JSP pages but I was wondering if anyone knew how to
specify in the web.xml file that users should not be able to get to the
jsp's but the servlets (and jsp's can access other jsp's via include or
forward). My reading of the docs on the tomcat website and by STW have
not yielded any suggestions.
Thanks again.
Regards
Lee
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Stopping external access to jsp files
Posted by Bill Barker <wb...@wilshire.com>.
The easiest way is to simply put the JSP pages that you want to deny direct
access to someplace under the WEB-INF directory. Direct access to anything
under this if forbidden, but your controller is still allowed to forward or
include.
A less good solution is to specify a security-constraint for these pages
that requires the role, say 'forbidden' (that no user actually has). The
drawback of this is that the user will be asked to login before being denied
access to the page. Of course, if your goal is to annoy hackers, you might
even prefer this one ;-).
"Lee W" <le...@unassemble.co.uk> wrote in message
news:3EEBA5F5.3030308@unassemble.co.uk...
> Hi Everyone,
>
> After some good advise from members of this lists (thanks again) I have
> started learning about servlets.
>
> I have created a simple servlet that act as a controller in my webapp,
> this is where all requests get sent to. However I have not been able to
> find a way to stop users from getting to the .jsp files that the servlet
> uses for the presentation element.
>
> I know that I could use Tomcat along with Apache HTTP server to restrict
> access to the JSP pages but I was wondering if anyone knew how to
> specify in the web.xml file that users should not be able to get to the
> jsp's but the servlets (and jsp's can access other jsp's via include or
> forward). My reading of the docs on the tomcat website and by STW have
> not yielded any suggestions.
>
> Thanks again.
>
> Regards
>
> Lee
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: JSP refusing to respond, static html pages load up fine
Posted by John Turner <to...@johnturner.com>.
Wait, you have it running? What do you need the binary for?
John
On Sun, 15 Jun 2003 08:44:15 +0900, Wayne Chang <wc...@pnwsoft.com> wrote:
> Hi,
>
> Once in awhile I catch my website not responding to jsp's, but loading up
> html files fine. It would mysteriously appear, and just as mysterious,
> it
> would disappear after a few minutes. No restarting Apache/Tomcat or
> whatnot. System is RH9. Apache is 1.3.27, Tomcat is 1.4.1. I have a
> hunch
> it's mod_jk, but I'm not certain. I'm waiting for the binary to appear
> hopefully sometime soon so I can insert it into my setup. What do you
> guys
> think it is? Or where should I look to provide more information?
>
>
> Best regards,
>
> Wayne Chang
> Pacific Northwest Software
> Mobile: (978) 869-3446
> Email: wchang@pnwsoft.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
JSP refusing to respond, static html pages load up fine
Posted by Wayne Chang <wc...@pnwsoft.com>.
Hi,
Once in awhile I catch my website not responding to jsp's, but loading up
html files fine. It would mysteriously appear, and just as mysterious, it
would disappear after a few minutes. No restarting Apache/Tomcat or
whatnot. System is RH9. Apache is 1.3.27, Tomcat is 1.4.1. I have a hunch
it's mod_jk, but I'm not certain. I'm waiting for the binary to appear
hopefully sometime soon so I can insert it into my setup. What do you guys
think it is? Or where should I look to provide more information?
Best regards,
Wayne Chang
Pacific Northwest Software
Mobile: (978) 869-3446
Email: wchang@pnwsoft.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org