You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by "C.F. Scheidecker Antunes" <na...@antunes.eti.br> on 2005/10/10 06:28:02 UTC
Hide the JSP: Actions, rowBean and JSPs question
Hello All,
I have an action that reads from the database and return a rowSet bean
to the request scope.
Then I iterate the bean on my JSP and show the data.
Everything works.
I however have a problem. I can access the JSP straight if I type the URL.
That is, I want the JSP only to be shown if it is called from the
action. I have a forward called "success" and
mapped to my struts-config.xml. On success I forward to the jsp
I would like to hide the JSP from the user, is it possible?
How?
Thanks,
C.F.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Hide the JSP: Actions, rowBean and JSPs question
Posted by "Frank W. Zammetti" <fz...@omnytex.com>.
Hi C.F.,
There's actually a whole bunch of ways to accomplish this... this is
almost certainly not a complete list, but just off the top of my head...
(1) Place all your JSPs in WEB-INF. By definition, they can only be
reached by forwarding from something, be it a servlet or Struts Action,
on the server.
(2) Use container-managed security. I believe another poster mentioned
this already as I was typing this response :)
(3) Set some value in the request as an attribute in your Action, and
then check for it in the JSP. If it isn't there, forward to some "not
allowed" JSP.
(4) Use a filter that rejects any request for a JSP, forwarding to a
"not allowed" page.
Like I said, there are probably other choices too.
Frank
C.F. Scheidecker Antunes wrote:
> Hello All,
>
> I have an action that reads from the database and return a rowSet bean
> to the request scope.
> Then I iterate the bean on my JSP and show the data.
>
> Everything works.
>
> I however have a problem. I can access the JSP straight if I type the URL.
>
> That is, I want the JSP only to be shown if it is called from the
> action. I have a forward called "success" and
> mapped to my struts-config.xml. On success I forward to the jsp
>
> I would like to hide the JSP from the user, is it possible?
>
> How?
>
> Thanks,
>
> C.F.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>
> .
>
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM: fzammetti
Yahoo: fzammetti
MSN: fzammetti@hotmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Hide the JSP: Actions, rowBean and JSPs question
Posted by ra...@tcs.com.
Yes you are correct. In this case all the files under the folder named
(/folder) will not be accessed.
"C.F. Scheidecker Antunes" <na...@antunes.eti.br>
10/10/2005 12:33 PM
Please respond to
"Struts Users Mailing List" <us...@struts.apache.org>
To
Struts Users Mailing List <us...@struts.apache.org>,
rajasekhar.cherukuri@tcs.com
cc
Subject
Re: Hide the JSP: Actions, rowBean and JSPs question
Hi Rajasekhar,
What would be no_access? Just a name value?
In this case all JSPs would be not accessed correct?
Now, if I want to only do this in a folder then I would:
<url-pattern>/folder/*</url-pattern>
Is it correct?
Thanks,
C.F.
rajasekhar.cherukuri@tcs.com wrote:
>Hi,
>
> Put the following code in your web.xml. This will not allow any
of
>your user to access your JSPs.
>
>
><web-app>
> ...
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>no_access</web-resource-name>
> <url-pattern>*.jsp</url-pattern>
> </web-resource-collection>
> <auth-constraint/>
> </security-constraint>
> ...
></web-app>
>
>
>Regards,
>Rajasekhar Cherukuri
>
>
>
>
>
>
>"C.F. Scheidecker Antunes" <na...@antunes.eti.br>
>10/10/2005 09:58 AM
>Please respond to
>"Struts Users Mailing List" <us...@struts.apache.org>
>
>
>To
>Struts Users Mailing List <us...@struts.apache.org>
>cc
>
>Subject
>Hide the JSP: Actions, rowBean and JSPs question
>
>
>
>
>
>
>Hello All,
>
>I have an action that reads from the database and return a rowSet bean
>to the request scope.
>Then I iterate the bean on my JSP and show the data.
>
>Everything works.
>
>I however have a problem. I can access the JSP straight if I type the
URL.
>
>That is, I want the JSP only to be shown if it is called from the
>action. I have a forward called "success" and
>mapped to my struts-config.xml. On success I forward to the jsp
>
>I would like to hide the JSP from the user, is it possible?
>
>How?
>
>Thanks,
>
>C.F.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>ForwardSourceID:NT00005AE2
>
>
>Notice: The information contained in this e-mail message and/or
attachments to it may contain confidential or privileged information. If
you are not the intended recipient, any dissemination, use, review,
distribution, printing or copying of the information contained in this
e-mail message and/or attachments to it are strictly prohibited. If you
have received this communication in error, please notify us by reply
e-mail or telephone and immediately and permanently delete the message and
any attachments. Thank you
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
ForwardSourceID:NT00005B0A
Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
Re: Hide the JSP: Actions, rowBean and JSPs question
Posted by "C.F. Scheidecker Antunes" <na...@antunes.eti.br>.
Hi Rajasekhar,
What would be no_access? Just a name value?
In this case all JSPs would be not accessed correct?
Now, if I want to only do this in a folder then I would:
<url-pattern>/folder/*</url-pattern>
Is it correct?
Thanks,
C.F.
rajasekhar.cherukuri@tcs.com wrote:
>Hi,
>
> Put the following code in your web.xml. This will not allow any of
>your user to access your JSPs.
>
>
><web-app>
> ...
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>no_access</web-resource-name>
> <url-pattern>*.jsp</url-pattern>
> </web-resource-collection>
> <auth-constraint/>
> </security-constraint>
> ...
></web-app>
>
>
>Regards,
>Rajasekhar Cherukuri
>
>
>
>
>
>
>"C.F. Scheidecker Antunes" <na...@antunes.eti.br>
>10/10/2005 09:58 AM
>Please respond to
>"Struts Users Mailing List" <us...@struts.apache.org>
>
>
>To
>Struts Users Mailing List <us...@struts.apache.org>
>cc
>
>Subject
>Hide the JSP: Actions, rowBean and JSPs question
>
>
>
>
>
>
>Hello All,
>
>I have an action that reads from the database and return a rowSet bean
>to the request scope.
>Then I iterate the bean on my JSP and show the data.
>
>Everything works.
>
>I however have a problem. I can access the JSP straight if I type the URL.
>
>That is, I want the JSP only to be shown if it is called from the
>action. I have a forward called "success" and
>mapped to my struts-config.xml. On success I forward to the jsp
>
>I would like to hide the JSP from the user, is it possible?
>
>How?
>
>Thanks,
>
>C.F.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>ForwardSourceID:NT00005AE2
>
>
>Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Hide the JSP: Actions, rowBean and JSPs question
Posted by ra...@tcs.com.
Hi,
Put the following code in your web.xml. This will not allow any of
your user to access your JSPs.
<web-app>
...
<security-constraint>
<web-resource-collection>
<web-resource-name>no_access</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
...
</web-app>
Regards,
Rajasekhar Cherukuri
"C.F. Scheidecker Antunes" <na...@antunes.eti.br>
10/10/2005 09:58 AM
Please respond to
"Struts Users Mailing List" <us...@struts.apache.org>
To
Struts Users Mailing List <us...@struts.apache.org>
cc
Subject
Hide the JSP: Actions, rowBean and JSPs question
Hello All,
I have an action that reads from the database and return a rowSet bean
to the request scope.
Then I iterate the bean on my JSP and show the data.
Everything works.
I however have a problem. I can access the JSP straight if I type the URL.
That is, I want the JSP only to be shown if it is called from the
action. I have a forward called "success" and
mapped to my struts-config.xml. On success I forward to the jsp
I would like to hide the JSP from the user, is it possible?
How?
Thanks,
C.F.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
ForwardSourceID:NT00005AE2
Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you