Posted to user@struts.apache.org by Neil Aggarwal <ne...@JAMMConsulting.com> on 2005/07/14 21:48:12 UTC
Security constraint not working
Hello:
According to this page:
http://www.javaworld.com/javaworld/jw-09-2004/jw-0913-struts.html
In order to prevent people from accessing jsp pages directly
without using my struts controller, I added this to my web.xml:
<!-- Do not allow users to load jsps directly -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>no_access</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
</security-constraint>
I added it and I can still load a page with the url
to the jsp. Here is an example:
http://dev.rentclubs.com/rentclubs/howWeStarted.jsp
Any ideas?
Thanks,
Neil
--
Neil Aggarwal, JAMM Consulting, (214) 986-3533, www.JAMMConsulting.com
FREE! Valuable info on how your business can reduce operating costs by
17% or more in 6 months or less! http://newsletter.JAMMConsulting.com
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Security constraint not working
Posted by Bart Frackiewicz <bf...@open-medium.com>.
Perhaps you need at least one <auth-constraint> with a given role - or
you leave it empty (look into the example, there is an <auth-constraint/>
before </security-constraint>).
Neil Aggarwal wrote:
> Hello:
>
>
> <!-- Do not allow users to load jsps directly -->
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>no_access</web-resource-name>
>     <url-pattern>*.jsp</url-pattern>
>   </web-resource-collection>
> </security-constraint>
>
my example:
<security-constraint>
  <!-- normal area -->
  <web-resource-collection>
    <web-resource-name>BOS Airliquide Deutschland</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <!-- <url-pattern>*.do</url-pattern> -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>BO</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>BO</role-name>
</security-role>
Bart
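
An added example, not part of either post: a small Python audit that reads a web.xml and reports, for each <security-constraint>, whether it restricts access at all. Under the Servlet specification a constraint with no <auth-constraint> leaves access unrestricted, an empty <auth-constraint/> denies everyone, and one with role names admits those roles. The function names, the effect labels and the sample descriptor (including the /pages/* pattern) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the question, then the two variants from the reply.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><web-resource-name>no_access</web-resource-name>
      <url-pattern>*.jsp</url-pattern></web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>deny_all</web-resource-name>
      <url-pattern>/pages/*</url-pattern></web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>normal area</web-resource-name>
      <url-pattern>*.do</url-pattern></web-resource-collection>
    <auth-constraint><role-name>BO</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop an XML namespace prefix so DTD-based and schema-based descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def audit_constraints(web_xml_text):
    """Return a (url_patterns, effect) pair for every <security-constraint>."""
    results = []
    for sc in ET.fromstring(web_xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        patterns = [e.text.strip() for e in sc.iter()
                    if local(e.tag) == "url-pattern" and e.text]
        # Compare with None: an empty <auth-constraint/> element is falsy in ElementTree.
        auth = next((e for e in sc if local(e.tag) == "auth-constraint"), None)
        if auth is None:
            effect = "open"          # no auth-constraint: nothing is blocked
        else:
            roles = [e.text.strip() for e in auth if local(e.tag) == "role-name" and e.text]
            effect = "roles:" + ",".join(roles) if roles else "deny-all"
        results.append((patterns, effect))
    return results

if __name__ == "__main__":
    for patterns, effect in audit_constraints(SAMPLE_WEB_XML):
        print(patterns, "->", effect)
```

Any constraint reported as "open" is one to review: it names URLs but blocks nobody.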