You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Oleg V Alexeev <go...@penza.net> on 2000/11/15 06:59:49 UTC
Re[2]: *.jsp "back door" issue
Hello David,
Tuesday, November 14, 2000, 11:19:40 PM, you wrote:
DG> Joel Schneider wrote:
>> However, it's also possible for users to directly request a .jsp page.
>> When this happens, the JSP container (in my case, Orion) will process the
>> .jsp page without any involvement by the ActionServlet. Some .jsp pages
>> may yield unexpected results when called in this manner.
DG> Put those JSP pages in a directory under WEB-INF; for example, WEB-INF/jsp.
DG> Files under the WEB-INF directory cannot be directly accessed.
But pages can be redirected - not forwarded only. How can we do it in
this case?
--
Best regards,
Oleg mailto:gonza@penza.net
Re: Re[2]: *.jsp "back door" issue
Posted by Joel Schneider <js...@cariboulake.com>.
On Wed, 15 Nov 2000, Oleg V Alexeev wrote:
> Hello David,
>
> Tuesday, November 14, 2000, 11:19:40 PM, you wrote:
>
> DG> Joel Schneider wrote:
>
> >> However, it's also possible for users to directly request a .jsp page.
> >> When this happens, the JSP container (in my case, Orion) will process the
> >> .jsp page without any involvement by the ActionServlet. Some .jsp pages
> >> may yield unexpected results when called in this manner.
>
> DG> Put those JSP pages in a directory under WEB-INF; for example, WEB-INF/jsp.
> DG> Files under the WEB-INF directory cannot be directly accessed.
>
> But pages can be redirected - not forwarded only. How can we do it in
> this case?
>
It should be possible to redirect to the "*.do" mappings defined in
action.xml. Simply redirect to, for example, "/login.do", etc.
Joel