You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by lu...@bnpparibas.com on 2003/12/24 14:28:18 UTC
security of html pages & max file size property
Hi all,
I have two questions:
1) I have a problem with the help menu of my application wich contains html
pages.
I would not like to access those pages without being log on, so I access
them via a secure Action that just do a forward to the good page:
<action path="/help/helpAction"
type="com.bnpparibas.primeweb.web.help.HelpAction"
name="helpForm" scope="request" validate="false">
<forward name="menu" path="/help/help.jsp"/>
<forward name="banner" path="/help/help_banner.jsp"/>
<forward name="mainFrame" path="/help/help_mainFrame.jsp"/>
<forward name="home" path="/help/help_home.htm"/>
<forward name="index" path="/help/help_index.jsp"/>
<forward name="options" path="/help/help_options.htm"/>
<forward name="report" path="/help/help_report.htm"/>
</action>
But I still can access the pages without being log on, just by writing the
url in the browser.
I have so done a filter to disable the user to access this page, but I
would like to avoid this solution, I would prefier use Actions only. do you
have any idea.
2) File Upload: whe the clien exceed the max upload file size, I would like
to display a message via the message framework, which looks like this:
maxLengthExceeded= Maximum file size exceeded ({0})
where {0} is the max size setting in struts-config.xml. But I did not find where I can take programaticly this information....
Thanks for your help.
So this is Christmas
And what have you done
Another year over
And a new one just begun....
This message and any attachments (the "message") is intended solely for the addressees and is confidential.
If you receive this message in error, please delete it and immediately notify the sender. Any use not in accord with
its purpose, any dissemination or disclosure, either whole or partial, is prohibited except formal approval.
The internet can not guarantee the integrity of this message. BNP PARIBAS (and its subsidiaries) shall (will) not
therefore be liable for the message if modified.
---------------------------------------------
Ce message et toutes les pieces jointes (ci-apres le "message") sont etablis a l'intention exclusive de ses
destinataires et sont confidentiels. Si vous recevez ce message par erreur, merci de le detruire et d'en avertir
immediatement l'expediteur. Toute utilisation de ce message non conforme a sa destination, toute diffusion
ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. L'internet ne permettant pas
d'assurer l'integrite de ce message, BNP PARIBAS (et ses filiales) decline(nt) toute responsabilite au titre de ce
message, dans l'hypothese ou il aurait ete modifie.
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
RE: security of html pages & max file size property
Posted by Mohan Radhakrishnan <mr...@cellexchange.com>.
This seem to be a authentication issue managed with Container Managed
Authentication
<web-resource-collection>
<web-resource-name>web</web-resource-name>
<description>Require users to authenticate</description>
<url-pattern>/xxx/*.jsp</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
CMA will popup your login page when a secure URL is accessed.
Mohan
-----Original Message-----
From: ludovic.maurillon@bnpparibas.com
[mailto:ludovic.maurillon@bnpparibas.com]
Sent: Wednesday, December 24, 2003 6:58 PM
To: struts-user@jakarta.apache.org
Subject: security of html pages & max file size property
Hi all,
I have two questions:
1) I have a problem with the help menu of my application wich contains html
pages.
I would not like to access those pages without being log on, so I access
them via a secure Action that just do a forward to the good page:
<action path="/help/helpAction"
type="com.bnpparibas.primeweb.web.help.HelpAction"
name="helpForm" scope="request" validate="false">
<forward name="menu" path="/help/help.jsp"/>
<forward name="banner" path="/help/help_banner.jsp"/>
<forward name="mainFrame" path="/help/help_mainFrame.jsp"/>
<forward name="home" path="/help/help_home.htm"/>
<forward name="index" path="/help/help_index.jsp"/>
<forward name="options" path="/help/help_options.htm"/>
<forward name="report" path="/help/help_report.htm"/>
</action>
But I still can access the pages without being log on, just by writing the
url in the browser.
I have so done a filter to disable the user to access this page, but I
would like to avoid this solution, I would prefier use Actions only. do you
have any idea.
2) File Upload: whe the clien exceed the max upload file size, I would like
to display a message via the message framework, which looks like this:
maxLengthExceeded= Maximum file size exceeded ({0})
where {0} is the max size setting in struts-config.xml. But I did not find
where I can take programaticly this information....
Thanks for your help.
So this is Christmas
And what have you done
Another year over
And a new one just begun....
This message and any attachments (the "message") is intended solely for the
addressees and is confidential.
If you receive this message in error, please delete it and immediately
notify the sender. Any use not in accord with
its purpose, any dissemination or disclosure, either whole or partial, is
prohibited except formal approval.
The internet can not guarantee the integrity of this message. BNP PARIBAS
(and its subsidiaries) shall (will) not
therefore be liable for the message if modified.
---------------------------------------------
Ce message et toutes les pieces jointes (ci-apres le "message") sont etablis
a l'intention exclusive de ses
destinataires et sont confidentiels. Si vous recevez ce message par erreur,
merci de le detruire et d'en avertir
immediatement l'expediteur. Toute utilisation de ce message non conforme a
sa destination, toute diffusion
ou toute publication, totale ou partielle, est interdite, sauf autorisation
expresse. L'internet ne permettant pas
d'assurer l'integrite de ce message, BNP PARIBAS (et ses filiales)
decline(nt) toute responsabilite au titre de ce
message, dans l'hypothese ou il aurait ete modifie.
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org