You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by bu...@apache.org on 2003/02/05 18:07:47 UTC
DO NOT REPLY [Bug 16603] -
forwardPattern should support different module roots.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16603>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16603
<controller> forwardPattern should support different module roots.
dgraham1980@hotmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|Normal |Enhancement
Priority|High |Medium
Summary|internalModuleRelativeForwar|<controller> forwardPattern
|d() does'nt treat module- |should support different
|relative paths as defined by|module roots.
|forwardPattern. |
------- Additional Comments From dgraham1980@hotmail.com 2003-02-05 17:07 -------
The real problem here is that the forwardPattern attribute of the <controller>
struts-config element doesn't support arbitrary path names. It only supports
prepending the module name to the path (signified by the $M).
So, this becomes an enhancement request to allow forwardPattern to accept
special tokens like $M *and* path names. This would allow the forwardPattern to
look like this "/WEB-INF/my_modules/$M$P".
Note that placing JSPs under WEB-INF is *not* portable across containers. A
better solution is to define this security constraint in web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureAllJSPs</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>
Protects all JSP files from direct access. Clients
must go through the controller servlet.
</description>
<role-name>nobody</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>No one should be put in this role.</description>
<role-name>nobody</role-name>
</security-role>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-dev-help@jakarta.apache.org