You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by bu...@apache.org on 2003/02/05 18:07:47 UTC

DO NOT REPLY [Bug 16603] - forwardPattern should support different module roots.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16603>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16603

<controller> forwardPattern should support different module roots.

dgraham1980@hotmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Normal                      |Enhancement
           Priority|High                        |Medium
            Summary|internalModuleRelativeForwar|<controller> forwardPattern
                   |d() does'nt  treat module-  |should support different
                   |relative paths as defined by|module roots.
                   |forwardPattern.             |



------- Additional Comments From dgraham1980@hotmail.com  2003-02-05 17:07 -------
The real problem here is that the forwardPattern attribute of the <controller> 
struts-config element doesn't support arbitrary path names.  It only supports 
prepending the module name to the path (signified by the $M).


So, this becomes an enhancement request to allow forwardPattern to accept 
special tokens like $M *and* path names.  This would allow the forwardPattern to 
look like this "/WEB-INF/my_modules/$M$P".


Note that placing JSPs under WEB-INF is *not* portable across containers.  A 
better solution is to define this security constraint in web.xml:




<security-constraint>


		<web-resource-collection>


			<web-resource-name>SecureAllJSPs</web-resource-name>


			<url-pattern>*.jsp</url-pattern>


		</web-resource-collection>


		<auth-constraint>


			<description>


				Protects all JSP files from direct access.  Clients 


				must go through the controller servlet.


			</description>


			<role-name>nobody</role-name>


		</auth-constraint>


	</security-constraint>


	


	<security-role>


		<description>No one should be put in this role.</description>


		<role-name>nobody</role-name>


    </security-role>

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-dev-help@jakarta.apache.org