You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Ashish Kulkarni <ku...@yahoo.com> on 2005/08/02 20:12:24 UTC

[OT]Blocking authority to access JSP - ignore previous mail

Hi
I have been trying to block access to jsp directly,
here is my folder structure
pages --
        |
         --index.jsp 
         --access.jsp 
         --logo.gif

In my web-xml file if i add
<web-resource-name>
Restrict access to JSP pages
 </web-resource-name>
 <url-pattern>/pages/*</url-pattern>
</web-resource-collection>
it blocks logo.gif also, 

and i cannot add 
<web-resource-name>
Restrict access to JSP pages
 </web-resource-name>
 <url-pattern>/pages/*.jsp</url-pattern>
</web-resource-collection>
because it gives me
java.lang.IllegalArgumentException: Invalid
<url-pattern> /pages/*.jsp in security constraint

So how do i block access to all jsp in pages folder


		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: [OT]Blocking authority to access JSP - ignore previous mail

Posted by Dave Newton <ne...@pingsite.com>.

Ashish Kulkarni wrote:

>I know
>wish i could not, but the design is that we have all
>the images in a folder images which is under pages, 
>it sort of sucks 
>seems the
><url-pattern>*.jsp</url-pattern>
>works some times and some times not
>i guess it works on tomcat and not on websphere
>  
>
Are you limited to that directory structure, or can you put JSP/others 
under WEB-INF?

Dave



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: [OT]Blocking authority to access JSP - ignore previous mail

Posted by Ashish Kulkarni <ku...@yahoo.com>.

I know
wish i could not, but the design is that we have all
the images in a folder images which is under pages, 
it sort of sucks 
seems the
<url-pattern>*.jsp</url-pattern>
works some times and some times not
i guess it works on tomcat and not on websphere

--- Wendy Smoak <ja...@wendysmoak.com> wrote:

> From: "Ashish Kulkarni" <ku...@yahoo.com>
> > pages --
> >        |
> >         --index.jsp
> >         --access.jsp
> >         --logo.gif
> >
> > In my web-xml file if i add
> > <web-resource-name>
> > Restrict access to JSP pages
> > </web-resource-name>
> > <url-pattern>/pages/*</url-pattern>
> > </web-resource-collection>
> > it blocks logo.gif also,
> 
> What is 'logo.gif' doing in the "pages" directory? 
> It isn't a page. :)  Can 
> you move it to /images?  Then your pages will be
> protected, and the image 
> will be available without the constraint.
> 
> -- 
> Wendy Smoak 
> 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@struts.apache.org
> For additional commands, e-mail:
> user-help@struts.apache.org
> 
> 



		
__________________________________ 
Yahoo! Mail for Mobile 
Take Yahoo! Mail with you! Check email on your mobile phone. 
http://mobile.yahoo.com/learn/mail 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: [OT]Blocking authority to access JSP - ignore previous mail

Posted by Wendy Smoak <ja...@wendysmoak.com>.

From: "Ashish Kulkarni" <ku...@yahoo.com>
> pages --
>        |
>         --index.jsp
>         --access.jsp
>         --logo.gif
>
> In my web-xml file if i add
> <web-resource-name>
> Restrict access to JSP pages
> </web-resource-name>
> <url-pattern>/pages/*</url-pattern>
> </web-resource-collection>
> it blocks logo.gif also,

What is 'logo.gif' doing in the "pages" directory?  It isn't a page. :)  Can 
you move it to /images?  Then your pages will be protected, and the image 
will be available without the constraint.

-- 
Wendy Smoak 


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org