You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Ashish Kulkarni <ku...@yahoo.com> on 2005/08/02 20:12:24 UTC
[OT]Blocking authority to access JSP - ignore previous mail
Hi
I have been trying to block access to jsp directly,
here is my folder structure
pages --
|
--index.jsp
--access.jsp
--logo.gif
In my web-xml file if i add
<web-resource-name>
Restrict access to JSP pages
</web-resource-name>
<url-pattern>/pages/*</url-pattern>
</web-resource-collection>
it blocks logo.gif also,
and i cannot add
<web-resource-name>
Restrict access to JSP pages
</web-resource-name>
<url-pattern>/pages/*.jsp</url-pattern>
</web-resource-collection>
because it gives me
java.lang.IllegalArgumentException: Invalid
<url-pattern> /pages/*.jsp in security constraint
So how do i block access to all jsp in pages folder
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [OT]Blocking authority to access JSP - ignore previous mail
Posted by Dave Newton <ne...@pingsite.com>.
Ashish Kulkarni wrote:
>I know
>wish i could not, but the design is that we have all
>the images in a folder images which is under pages,
>it sort of sucks
>seems the
><url-pattern>*.jsp</url-pattern>
>works some times and some times not
>i guess it works on tomcat and not on websphere
>
>
Are you limited to that directory structure, or can you put JSP/others
under WEB-INF?
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [OT]Blocking authority to access JSP - ignore previous mail
Posted by Ashish Kulkarni <ku...@yahoo.com>.
I know
wish i could not, but the design is that we have all
the images in a folder images which is under pages,
it sort of sucks
seems the
<url-pattern>*.jsp</url-pattern>
works some times and some times not
i guess it works on tomcat and not on websphere
--- Wendy Smoak <ja...@wendysmoak.com> wrote:
> From: "Ashish Kulkarni" <ku...@yahoo.com>
> > pages --
> > |
> > --index.jsp
> > --access.jsp
> > --logo.gif
> >
> > In my web-xml file if i add
> > <web-resource-name>
> > Restrict access to JSP pages
> > </web-resource-name>
> > <url-pattern>/pages/*</url-pattern>
> > </web-resource-collection>
> > it blocks logo.gif also,
>
> What is 'logo.gif' doing in the "pages" directory?
> It isn't a page. :) Can
> you move it to /images? Then your pages will be
> protected, and the image
> will be available without the constraint.
>
> --
> Wendy Smoak
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@struts.apache.org
> For additional commands, e-mail:
> user-help@struts.apache.org
>
>
__________________________________
Yahoo! Mail for Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
http://mobile.yahoo.com/learn/mail
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [OT]Blocking authority to access JSP - ignore previous mail
Posted by Wendy Smoak <ja...@wendysmoak.com>.
From: "Ashish Kulkarni" <ku...@yahoo.com>
> pages --
> |
> --index.jsp
> --access.jsp
> --logo.gif
>
> In my web-xml file if i add
> <web-resource-name>
> Restrict access to JSP pages
> </web-resource-name>
> <url-pattern>/pages/*</url-pattern>
> </web-resource-collection>
> it blocks logo.gif also,
What is 'logo.gif' doing in the "pages" directory? It isn't a page. :) Can
you move it to /images? Then your pages will be protected, and the image
will be available without the constraint.
--
Wendy Smoak
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org