You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Michael Molloy <uk...@bigfoot.com> on 2001/02/01 06:37:54 UTC

RE: How to prevent a .jsp from being accessed directly?

Bob, I thought I had tried all combinations, but I apparently I had tried
them all except the right one. Thanks for your help.

--Michael

-----Original Message-----
From: BBueckers@sjm.com [mailto:BBueckers@sjm.com]
Sent: Tuesday, January 30, 2001 4:50 PM
To: tomcat-user@jakarta.apache.org
Subject: RE: How to prevent a .jsp from being accessed directly?


Don't include the www.... in your url-pattern rather if you directory
structure is

Tomcat
|
 -- webapps
   |
    -- mywebapp
      |
	 -- jsps
	     	selectroster.jsp
		another.jsp
		another2.jsp

you would include <url-pattern>/jsps/selectroster.jsp</url-pattern>

What version of tomcat are you using? What is your environment?

Bob

-----Original Message-----
From: Michael Molloy [mailto:ukalumni@bigfoot.com]
Sent: Tuesday, January 30, 2001 4:44 PM
To: tomcat-user@jakarta.apache.org
Subject: RE: How to prevent a .jsp from being accessed directly?


I've tried several variations, from your suggestion below to including the
entire url (www. . . .).

I'll take another look at it.

Thanks
--Michael

-----Original Message-----
From: BBueckers@sjm.com [mailto:BBueckers@sjm.com]
Sent: Tuesday, January 30, 2001 4:29 PM
To: tomcat-user@jakarta.apache.org
Subject: RE: How to prevent a .jsp from being accessed directly?


You may want to try setting the url pattern relative to the root i.e.
	<url-pattern>/dir1/subdir1/selectroster.jsp</url-pattern>

Bob

-----Original Message-----
From: Michael Molloy [mailto:ukalumni@bigfoot.com]
Sent: Monday, January 29, 2001 7:41 PM
To: Tomcat
Subject: How to prevent a .jsp from being accessed directly?


I'm using the following web.xml file inside a servlet context
(/opt/tomcat/webapps/staging/WEB-INF/web.xml). However, it's not preventing
direct access to the jsp file, which is what I'm hoping to achieve. I got
this from the O'Reilly Javaserver Pages book, but it's not working. Any
suggestions?

Thanks
--Michael

<web-app>
        <servlet>
                <servlet-name>RosterServlet</servlet-name>
                <servlet-class>RosterServlet</servlet-class>
                <load-on-startup>1</load-on-startup>

        </servlet>
        <servlet-mapping>
                <servlet-name>RosterServlet</servlet-name>
                <url-pattern>/process</url-pattern>
        </servlet-mapping>
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>no-access</web-resource-name>
                        <url-pattern>selectroster.jsp</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>nobody</role-name>
                </auth-constraint>
        </security-constraint>
</web-app>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org

RE: How to prevent a .jsp from being accessed directly?

Posted by Michael Molloy <uk...@bigfoot.com>.

Sorry for sending that to the list. Supposed to have been backchannel.

--Michael

-----Original Message-----
From: Michael Molloy [mailto:ukalumni@bigfoot.com]
Sent: Wednesday, January 31, 2001 11:38 PM
To: tomcat-user@jakarta.apache.org
Subject: RE: How to prevent a .jsp from being accessed directly?


Bob, I thought I had tried all combinations, but I apparently I had tried
them all except the right one. Thanks for your help.

--Michael

-----Original Message-----
From: BBueckers@sjm.com [mailto:BBueckers@sjm.com]
Sent: Tuesday, January 30, 2001 4:50 PM
To: tomcat-user@jakarta.apache.org
Subject: RE: How to prevent a .jsp from being accessed directly?


Don't include the www.... in your url-pattern rather if you directory
structure is

Tomcat
|
 -- webapps
   |
    -- mywebapp
      |
	 -- jsps
	     	selectroster.jsp
		another.jsp
		another2.jsp

you would include <url-pattern>/jsps/selectroster.jsp</url-pattern>

What version of tomcat are you using? What is your environment?

Bob

-----Original Message-----
From: Michael Molloy [mailto:ukalumni@bigfoot.com]
Sent: Tuesday, January 30, 2001 4:44 PM
To: tomcat-user@jakarta.apache.org
Subject: RE: How to prevent a .jsp from being accessed directly?


I've tried several variations, from your suggestion below to including the
entire url (www. . . .).

I'll take another look at it.

Thanks
--Michael

-----Original Message-----
From: BBueckers@sjm.com [mailto:BBueckers@sjm.com]
Sent: Tuesday, January 30, 2001 4:29 PM
To: tomcat-user@jakarta.apache.org
Subject: RE: How to prevent a .jsp from being accessed directly?


You may want to try setting the url pattern relative to the root i.e.
	<url-pattern>/dir1/subdir1/selectroster.jsp</url-pattern>

Bob

-----Original Message-----
From: Michael Molloy [mailto:ukalumni@bigfoot.com]
Sent: Monday, January 29, 2001 7:41 PM
To: Tomcat
Subject: How to prevent a .jsp from being accessed directly?


I'm using the following web.xml file inside a servlet context
(/opt/tomcat/webapps/staging/WEB-INF/web.xml). However, it's not preventing
direct access to the jsp file, which is what I'm hoping to achieve. I got
this from the O'Reilly Javaserver Pages book, but it's not working. Any
suggestions?

Thanks
--Michael

<web-app>
        <servlet>
                <servlet-name>RosterServlet</servlet-name>
                <servlet-class>RosterServlet</servlet-class>
                <load-on-startup>1</load-on-startup>

        </servlet>
        <servlet-mapping>
                <servlet-name>RosterServlet</servlet-name>
                <url-pattern>/process</url-pattern>
        </servlet-mapping>
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>no-access</web-resource-name>
                        <url-pattern>selectroster.jsp</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>nobody</role-name>
                </auth-constraint>
        </security-constraint>
</web-app>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org