You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by "C.F. Scheidecker Antunes" <na...@antunes.eti.br> on 2005/10/10 06:28:02 UTC

Hide the JSP: Actions, rowBean and JSPs question

Hello All,

I have an action that reads from the database and return a rowSet bean 
to the request scope.
Then I iterate the bean on my JSP and show the data.

Everything works.

I however have a problem. I can access the JSP straight if I type the URL.

That is, I want the JSP only to be shown if it is called from the 
action. I have a forward called "success" and
mapped to my struts-config.xml. On success I forward to the jsp

I would like to hide the JSP from the user, is it possible?

How?

Thanks,

C.F.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Hide the JSP: Actions, rowBean and JSPs question

Posted by "Frank W. Zammetti" <fz...@omnytex.com>.
Hi C.F.,

There's actually a whole bunch of ways to accomplish this... this is 
almost certainly not a complete list, but just off the top of my head...

(1) Place all your JSPs in WEB-INF.  By definition, they can only be 
reached by forwarding from something, be it a servlet or Struts Action, 
on the server.

(2) Use container-managed security.  I believe another poster mentioned 
this already as I was typing this response :)

(3) Set some value in the request as an attribute in your Action, and 
then check for it in the JSP.  If it isn't there, forward to some "not 
allowed" JSP.

(4) Use a filter that rejects any request for a JSP, forwarding to a 
"not allowed" page.

Like I said, there are probably other choices too.

Frank

C.F. Scheidecker Antunes wrote:
> Hello All,
> 
> I have an action that reads from the database and return a rowSet bean 
> to the request scope.
> Then I iterate the bean on my JSP and show the data.
> 
> Everything works.
> 
> I however have a problem. I can access the JSP straight if I type the URL.
> 
> That is, I want the JSP only to be shown if it is called from the 
> action. I have a forward called "success" and
> mapped to my struts-config.xml. On success I forward to the jsp
> 
> I would like to hide the JSP from the user, is it possible?
> 
> How?
> 
> Thanks,
> 
> C.F.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 
> 
> .
> 

-- 
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM: fzammetti
Yahoo: fzammetti
MSN: fzammetti@hotmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Hide the JSP: Actions, rowBean and JSPs question

Posted by ra...@tcs.com.
Yes you are correct. In this case all the files under the folder named 
(/folder) will not be accessed.





"C.F. Scheidecker Antunes" <na...@antunes.eti.br> 
10/10/2005 12:33 PM
Please respond to
"Struts Users Mailing List" <us...@struts.apache.org>


To
Struts Users Mailing List <us...@struts.apache.org>, 
rajasekhar.cherukuri@tcs.com
cc

Subject
Re: Hide the JSP: Actions, rowBean and JSPs question






Hi Rajasekhar,

What would be no_access? Just a name value?

In this case all JSPs would be not accessed correct?

Now, if I want to only do this in a folder then I would:

<url-pattern>/folder/*</url-pattern>

Is it correct?

Thanks,

C.F.



rajasekhar.cherukuri@tcs.com wrote:

>Hi,
>
>        Put the following code in your web.xml. This will not allow any 
of 
>your user to access your JSPs.
>
>
><web-app>
>   ...
>  <security-constraint>
>    <web-resource-collection>
>      <web-resource-name>no_access</web-resource-name>
>      <url-pattern>*.jsp</url-pattern>
>    </web-resource-collection>
>    <auth-constraint/>
>  </security-constraint>
>  ...
></web-app>
>
>
>Regards,
>Rajasekhar Cherukuri
>
>
>
>
>
>
>"C.F. Scheidecker Antunes" <na...@antunes.eti.br> 
>10/10/2005 09:58 AM
>Please respond to
>"Struts Users Mailing List" <us...@struts.apache.org>
>
>
>To
>Struts Users Mailing List <us...@struts.apache.org>
>cc
>
>Subject
>Hide the JSP: Actions, rowBean and JSPs question
>
>
>
>
>
>
>Hello All,
>
>I have an action that reads from the database and return a rowSet bean 
>to the request scope.
>Then I iterate the bean on my JSP and show the data.
>
>Everything works.
>
>I however have a problem. I can access the JSP straight if I type the 
URL.
>
>That is, I want the JSP only to be shown if it is called from the 
>action. I have a forward called "success" and
>mapped to my struts-config.xml. On success I forward to the jsp
>
>I would like to hide the JSP from the user, is it possible?
>
>How?
>
>Thanks,
>
>C.F.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>ForwardSourceID:NT00005AE2 
>
>
>Notice: The information contained in this e-mail message and/or 
attachments to it may contain confidential or privileged information.   If 
you are not the intended recipient, any dissemination, use, review, 
distribution, printing or copying of the information contained in this 
e-mail message and/or attachments to it are strictly prohibited.   If you 
have received this communication in error, please notify us by reply 
e-mail or telephone and immediately and permanently delete the message and 
any attachments.  Thank you
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


ForwardSourceID:NT00005B0A 


Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information.   If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited.   If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments.  Thank you

Re: Hide the JSP: Actions, rowBean and JSPs question

Posted by "C.F. Scheidecker Antunes" <na...@antunes.eti.br>.
Hi Rajasekhar,

What would be no_access? Just a name value?

In this case all JSPs would be not accessed correct?

Now, if I want to only do this in a folder then I would:

<url-pattern>/folder/*</url-pattern>

Is it correct?

Thanks,

C.F.



rajasekhar.cherukuri@tcs.com wrote:

>Hi,
>
>        Put the following code in your web.xml. This will not allow any of 
>your user to access your JSPs.
>
>
><web-app>
>   ...
>  <security-constraint>
>    <web-resource-collection>
>      <web-resource-name>no_access</web-resource-name>
>      <url-pattern>*.jsp</url-pattern>
>    </web-resource-collection>
>    <auth-constraint/>
>  </security-constraint>
>  ...
></web-app>
>
>
>Regards,
>Rajasekhar Cherukuri
>
>
>
>
>
>
>"C.F. Scheidecker Antunes" <na...@antunes.eti.br> 
>10/10/2005 09:58 AM
>Please respond to
>"Struts Users Mailing List" <us...@struts.apache.org>
>
>
>To
>Struts Users Mailing List <us...@struts.apache.org>
>cc
>
>Subject
>Hide the JSP: Actions, rowBean and JSPs question
>
>
>
>
>
>
>Hello All,
>
>I have an action that reads from the database and return a rowSet bean 
>to the request scope.
>Then I iterate the bean on my JSP and show the data.
>
>Everything works.
>
>I however have a problem. I can access the JSP straight if I type the URL.
>
>That is, I want the JSP only to be shown if it is called from the 
>action. I have a forward called "success" and
>mapped to my struts-config.xml. On success I forward to the jsp
>
>I would like to hide the JSP from the user, is it possible?
>
>How?
>
>Thanks,
>
>C.F.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>ForwardSourceID:NT00005AE2 
>
>
>Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information.   If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited.   If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments.  Thank you
>  
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Hide the JSP: Actions, rowBean and JSPs question

Posted by ra...@tcs.com.
Hi,

        Put the following code in your web.xml. This will not allow any of 
your user to access your JSPs.


<web-app>
   ...
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>no_access</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  ...
</web-app>


Regards,
Rajasekhar Cherukuri






"C.F. Scheidecker Antunes" <na...@antunes.eti.br> 
10/10/2005 09:58 AM
Please respond to
"Struts Users Mailing List" <us...@struts.apache.org>


To
Struts Users Mailing List <us...@struts.apache.org>
cc

Subject
Hide the JSP: Actions, rowBean and JSPs question






Hello All,

I have an action that reads from the database and return a rowSet bean 
to the request scope.
Then I iterate the bean on my JSP and show the data.

Everything works.

I however have a problem. I can access the JSP straight if I type the URL.

That is, I want the JSP only to be shown if it is called from the 
action. I have a forward called "success" and
mapped to my struts-config.xml. On success I forward to the jsp

I would like to hide the JSP from the user, is it possible?

How?

Thanks,

C.F.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


ForwardSourceID:NT00005AE2 


Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information.   If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited.   If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments.  Thank you