JSP's behind WEB-INF no access to img/scripts

[Johan Wasserman <Jo...@mgxgroup.com>]

Hi, I have my JSP's behind WEB-INF, is there a way of mapping other
directories behind WEB-INF so that the images and scripts included on my
JSP's can be accessed from there as well.  It's OK having the JSP's
there to stop external forces from accessing them directly but now they
can still access my images and scripts directly.
 
Regards,
Johan Wasserman

Re: JSP's behind WEB-INF no access to img/scripts

[Jose Gonzalez Gomez <jg...@opentechnet.com>]

    They HAVE to be able to access your images and your scripts. Images 
and scripts are loaded by the browser in a different request when it 
gets the html generated by your JSP, so you shouldn't try to limit 
access to these resources.

    Regards
    Jose

Johan Wasserman wrote:

>Hi, I have my JSP's behind WEB-INF, is there a way of mapping other
>directories behind WEB-INF so that the images and scripts included on my
>JSP's can be accessed from there as well.  It's OK having the JSP's
>there to stop external forces from accessing them directly but now they
>can still access my images and scripts directly.
> 
>Regards,
>Johan Wasserman
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org

Re: JSP's behind WEB-INF no access to img/scripts

[Nicolas De Loof <ni...@cgey.com>]

If I understand your problem, your JSP generates some
"<img src=...>"
or "<script scr=...>"
and you get "404 broken link" or something like this for this
ressources.

Perhaps you use relative path to your images and scripts
(src="../../images/foo.gif").
You should use absolute path with <html:rewrite
page="/images/foo.gif">
or <html:img> tags.

They're is no reaseon you cannot access images or scripts from a jsp
in WEB-INF beacause the jsp does'nt try to access anything, the
genrated HTML does. This way relative path is calculated from the URL
shown in browser ("/service/foo.do") that has nothing to do with your
JSP path.

Nico.


Hi, I have my JSP's behind WEB-INF, is there a way of mapping other
directories behind WEB-INF so that the images and scripts included on
my
JSP's can be accessed from there as well.  It's OK having the JSP's
there to stop external forces from accessing them directly but now
they
can still access my images and scripts directly.

Regards,
Johan Wasserman


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org

RE: JSP's behind WEB-INF no access to img/scripts

[Andrew Hill <an...@gridnode.com>]

Ah , so the scripts should only be accessible by browsers of logged in
users?
If your using Servlet API 2.3 , an alternative to Nicolas' suggestion would
be to create a filter that inctercepts requests to the scripts and images
and only allows through requests that are authenticated. (btw: If your
supporting non-cookie enabled browsers in this scenario be sure to rewrite
the urls for the images and scripts so that sessionId is encoded! (Not
necessary if anyone can access the scripts without authentication))

-----Original Message-----
From: Nicolas De Loof [mailto:nicolas.deloof@cgey.com]
Sent: Thursday, 13 March 2003 20:26
To: Struts Users Mailing List; andrew.david.hill@gridnode.com
Subject: Re: JSP's behind WEB-INF no access to img/scripts


Sory, I didn't well understand what you're looking for.

You can create a servlet that looks for authentified user's session,
user pathInfo to find the name of a ressource, looks for it in
WEB-INF, and put it's content as binary in the response.

Add a mapping to this servlet like "/images/*" -> servlet

When an authentified user looks for "/images/foo/bar.gif" your servlet
will have to search for /foo/bar.gif in WEB-INF and send it's binary
content as response (with correct content-type header)

Nico.


> Surely the idea would be to have the JSPs behind webinf , but leave
the
> images & scripts above it so they can be accessed?
>
> -----Original Message-----
> From: Johan Wasserman [mailto:Johan.Wasserman@mgxgroup.com]
> Sent: Thursday, 13 March 2003 20:03
> To: struts-user@jakarta.apache.org
> Subject: JSP's behind WEB-INF no access to img/scripts
>
>
> Hi, I have my JSP's behind WEB-INF, is there a way of mapping other
> directories behind WEB-INF so that the images and scripts included
on my
> JSP's can be accessed from there as well.  It's OK having the JSP's
> there to stop external forces from accessing them directly but now
they
> can still access my images and scripts directly.
>
> Regards,
> Johan Wasserman
>
>
> --------------------------------------------------------------------
-
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org

Re: JSP's behind WEB-INF no access to img/scripts

[Nicolas De Loof <ni...@cgey.com>]

Sory, I didn't well understand what you're looking for.

You can create a servlet that looks for authentified user's session,
user pathInfo to find the name of a ressource, looks for it in
WEB-INF, and put it's content as binary in the response.

Add a mapping to this servlet like "/images/*" -> servlet

When an authentified user looks for "/images/foo/bar.gif" your servlet
will have to search for /foo/bar.gif in WEB-INF and send it's binary
content as response (with correct content-type header)

Nico.


> Surely the idea would be to have the JSPs behind webinf , but leave
the
> images & scripts above it so they can be accessed?
>
> -----Original Message-----
> From: Johan Wasserman [mailto:Johan.Wasserman@mgxgroup.com]
> Sent: Thursday, 13 March 2003 20:03
> To: struts-user@jakarta.apache.org
> Subject: JSP's behind WEB-INF no access to img/scripts
>
>
> Hi, I have my JSP's behind WEB-INF, is there a way of mapping other
> directories behind WEB-INF so that the images and scripts included
on my
> JSP's can be accessed from there as well.  It's OK having the JSP's
> there to stop external forces from accessing them directly but now
they
> can still access my images and scripts directly.
>
> Regards,
> Johan Wasserman
>
>
> --------------------------------------------------------------------
-
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org

RE: JSP's behind WEB-INF no access to img/scripts

[Andrew Hill <an...@gridnode.com>]

Surely the idea would be to have the JSPs behind webinf , but leave the
images & scripts above it so they can be accessed?

-----Original Message-----
From: Johan Wasserman [mailto:Johan.Wasserman@mgxgroup.com]
Sent: Thursday, 13 March 2003 20:03
To: struts-user@jakarta.apache.org
Subject: JSP's behind WEB-INF no access to img/scripts


Hi, I have my JSP's behind WEB-INF, is there a way of mapping other
directories behind WEB-INF so that the images and scripts included on my
JSP's can be accessed from there as well.  It's OK having the JSP's
there to stop external forces from accessing them directly but now they
can still access my images and scripts directly.

Regards,
Johan Wasserman


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org