Posted to user@struts.apache.org by Zahid Rahman <za...@gmail.com> on 2020/09/05 17:44:19 UTC

security : context relative URL(s)

Hi,

Can I apply these same security features in struts2 which were applied in
struts1 now that the use of web.xml TAGS is discouraged in favour of
annotations?


*example deployment descriptor *
*$CATALINA_HOME/webapps/examples/WEB-INF/web.xml*

<security-constraint>
<display-name> example Security Constraint </display-name>
<web-resource-collection>
<web-resource-name> Protected Web Area </web-resource-name>
<!-- define the context relative URL (s) to be protected -->
<url-pattern>/jsp/security/protected/*</url-pattern>
<!-- if you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->

Regards
Z.

Framework: Years of commercial experience in designing, developing your
own framework can save you Weeks of learning a framework.
------------------------------

https://www.backbutton.co.uk/
¯\_(ツ)_/¯
♡۶♡۶ ♡۶

Re: security : context relative URL(s)

Posted by Zahid Rahman <za...@gmail.com>.
Thanks for clearing some doubts:

a) web.xml is indispensable.

b) Some claims about JSPs on the Internet are untrue.

c) My how-to book Mastering Tomcat Development is still current.


Regards
Z.

https://www.backbutton.co.uk/
¯\_(ツ)_/¯
♡۶♡۶ ♡۶
Years of commercial experience in designing, developing your own framework
can save you Weeks of learning a framework.

Weeks of coding can save you hours of planning.


On Tue, 15 Sep 2020, 06:59 Lukasz Lenart, <lu...@apache.org> wrote:

> Sat, 5 Sep 2020 at 19:44 Zahid Rahman <za...@gmail.com> wrote:
> >
> > Hi,
> >
> > Can I apply these same security features in struts2 which were applied in
> > struts1 now that the use of web.xml TAGS is discouraged in favour of
> > annotations?
> >
> >
> > *example deployment descriptor *
> > *$CATALINA_HOME/webapps/examples/WEB-INF/web.xml*
> >
> > <security-constraint>
> > <display-name> example Security Constraint </display-name>
> > <web-resource-collection>
> > <web-resource-name> Protected Web Area </web-resource-name>
> > <!-- define the context relative URL (s) to be protected -->
> > <url-pattern>/jsp/security/protected/*</url-pattern>
> > <!-- if you list http methods, only those methods are protected -->
> > <http-method>DELETE</http-method>
> > <http-method>GET</http-method>
> > <http-method>POST</http-method>
> > <http-method>PUT</http-method>
> > </web-resource-collection>
> > <auth-constraint>
> > <!-- Anyone with one of the listed roles may access this area -->
>
> Yes, you can and this is a good practice
> https://struts.apache.org/security/#never-expose-jsp-files-directly
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>

Re: security : context relative URL(s)

Posted by Lukasz Lenart <lu...@apache.org>.
Sat, 5 Sep 2020 at 19:44 Zahid Rahman <za...@gmail.com> wrote:
>
> Hi,
>
> Can I apply these same security features in struts2 which were applied in
> struts1 now that the use of web.xml TAGS is discouraged in favour of
> annotations?
>
>
> *example deployment descriptor *
> *$CATALINA_HOME/webapps/examples/WEB-INF/web.xml*
>
> <security-constraint>
> <display-name> example Security Constraint </display-name>
> <web-resource-collection>
> <web-resource-name> Protected Web Area </web-resource-name>
> <!-- define the context relative URL (s) to be protected -->
> <url-pattern>/jsp/security/protected/*</url-pattern>
> <!-- if you list http methods, only those methods are protected -->
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area -->

Yes, you can and this is a good practice
https://struts.apache.org/security/#never-expose-jsp-files-directly


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
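
The comment in the quoted descriptor ("if you list http methods, only those methods are protected") is the part worth checking before carrying such a constraint into a Struts 2 web.xml. The script below is an added example, not code from this thread or from the Struts project: it flags constraints that list methods and reports which common methods stay outside them. The role name `placeholder-role` and the helper names are assumptions, and overlapping constraints and `<http-method-omission>` are not evaluated.

```python
import re
import xml.etree.ElementTree as ET

# Common HTTP methods; a container may accept other method tokens as well.
COMMON_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "PATCH"}

# Constructed sample: the constraint from the post, closed with a placeholder role.
WEAK = """<web-app>
  <security-constraint>
    <display-name>example Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Web Area</web-resource-name>
      <url-pattern>/jsp/security/protected/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>placeholder-role</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Same constraint with no <http-method> entries, so every method is covered.
FIXED = re.sub(r"\s*<http-method>[^<]*</http-method>", "", WEAK)

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def audit(web_xml):
    """Return (url-pattern, unlisted methods) for constraints that list methods."""
    root = ET.fromstring(web_xml)
    if children(root, "deny-uncovered-http-methods"):
        return []  # Servlet 3.1+: the container rejects uncovered methods
    findings = []
    for constraint in children(root, "security-constraint"):
        for coll in children(constraint, "web-resource-collection"):
            listed = {m.text.strip().upper() for m in children(coll, "http-method")}
            if not listed:
                continue  # no methods listed: the constraint applies to all
            unlisted = sorted(COMMON_METHODS - listed)
            findings += [(p.text.strip(), unlisted) for p in children(coll, "url-pattern")]
    return findings

if __name__ == "__main__":
    print("weak :", audit(WEAK))
    print("fixed:", audit(FIXED))
```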
