Posted to users@tomcat.apache.org by prt <sh...@pelephone.co.il> on 2007/03/06 08:31:21 UTC

server.xml configuration..

Hi to all,
Where do I have to configure, and what, to prevent direct access to my jsp files?

For example,
I have a project named test.
If I want to show product data the link is
http://localhost/test?do=showProductData.
This link runs the index.jsp that is in test, and in index.jsp there is an
include of actions/showProducData.jsp.
To prevent direct access to the jsp files that are located in actions I added
this part to server.xml in the host part:
<Context path="/test/actions" docBase="/err" debug="0"
crossContext="false"/>
So when I try to directly access any jsp in actions, it runs the index
file under err.

The problem is that when I run the link like this,
http://127.0.0.1/test?do=showProductData, it does not work.
If I want to cover this problem I have to add a Host section to server.xml for
127.0.0.1 and put this part in it:
<Context path="/test/actions" docBase="/err" debug="0"
crossContext="false"/>

Is there any better solution for this problem?

Thank you all.
-- 
View this message in context: http://www.nabble.com/server.xml-configuration..-tf3353902.html#a9327284
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: [OT] server.xml configuration..

Posted by prt <sh...@pelephone.co.il>.
Thank you for your help,

If I don't want to remove the jsp files, is my solution good?

Another example is:
Uploaded images were stored in products/images under test; I changed it to
d:\data\products\images by the
same solution, adding this part to server.xml under the Host tag:
<Context path="/test/products/images" docBase="d:\data\products\images"
debug="0" crossContext="false"/>
So when I run this link, http://localhost/test/products/images/344.jpg, the
image is taken from d:\data\products\images\344.jpg.

Is there another way to do this without removing the jsp files?

Thank you all.


Li-3 wrote:
> 
> You can move your jsp files which you would like to secure to WEB-INF/, and
> use a dispatched way to access ...
> then you can define a few error files like 404, 503 or your own
> error.jsp which can be handled by your java class
> 
> wish this helps


Re: server.xml configuration..

Posted by Li <am...@gmail.com>.
You can move your jsp files which you would like to secure to WEB-INF/, and
use a dispatched way to access ...
then you can define a few error files like 404, 503 or your own
error.jsp which can be handled by your java class

wish this helps


-- 
When we invent time, we invent death.

Re: server.xml configuration..

Posted by Li <am...@gmail.com>.
Hi,

Tomcat forbids direct access to files in your WEB-INF, and you can use
this feature to set up a simple solution to protect certain jsp files, so you
cannot directly access your jsp resources but use a dispatched way to access ...

On 3/6/07, Raghupathy, Gurumoorthy <Gu...@nielsen.com> wrote:
>
> Any reason why you can't put all of the jsp inside the WEB-INF folder?
> This way you can be sure that no one is able to access your jsp file
> ....

-- 
When we invent time, we invent death.
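
An added example (not code from anyone in this thread) of the WEB-INF approach
described above: a hypothetical front-controller servlet, assumed to be mapped
in place of index.jsp, that forwards the do parameter to JSPs assumed to have
been moved to /WEB-INF/actions/. The class name and the JSP location are
assumptions; the do value is looked up in an allow-list and never used to
build a path.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical front controller for the "test" webapp. Assumes the action JSPs
 * were moved from /actions to /WEB-INF/actions, which the container never
 * serves to a client directly.
 */
public class FrontControllerServlet extends HttpServlet {

    // Allow-list: the "do" value selects an entry; it is never part of a path.
    private static final Map<String, String> ACTIONS;
    static {
        Map<String, String> m = new HashMap<String, String>();
        m.put("showProductData", "/WEB-INF/actions/showProductData.jsp");
        ACTIONS = Collections.unmodifiableMap(m);
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String target = ACTIONS.get(req.getParameter("do"));
        if (target == null) {
            // Unknown or missing action: same answer as for a missing page.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // A server-side dispatch may reach WEB-INF; a browser request may not.
        req.getRequestDispatcher(target).forward(req, resp);
    }
}
```

Because the WEB-INF protection is enforced inside the web application, the
result is the same for http://localhost/ and http://127.0.0.1/, with no
per-Host Context entries in server.xml.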

RE: server.xml configuration..

Posted by "Raghupathy, Gurumoorthy" <Gu...@nielsen.com>.
Any reason why you can't put all of the jsp inside the WEB-INF folder?
This way you can be sure that no one is able to access your jsp file
....


Regards
Guru
 


Re: server.xml configuration..

Posted by Tim Funk <fu...@joedog.org>.
Use a servlet filter which is mapped to *.jsp - see Google for more 
details on Servlet Filters. (javax.servlet.Filter)

-Tim


prt wrote:
> Hi to all,
> Where i have to config and what, to prevent direct access to my jsp files ?
> 
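
An added example (not Tim's code) of the filter approach: a
javax.servlet.Filter mapped to *.jsp that answers 404 for client requests
under /actions/. The class name, the filter name and the hard-coded /actions/
prefix are assumptions; with no <dispatcher> element in the mapping the filter
runs only for requests coming from the client, so the include inside index.jsp
is not affected.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * web.xml of the "test" webapp (filter and class names are hypothetical):
 *   <filter>
 *     <filter-name>blockDirectJsp</filter-name>
 *     <filter-class>BlockDirectJspFilter</filter-class>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>blockDirectJsp</filter-name>
 *     <url-pattern>*.jsp</url-pattern>
 *   </filter-mapping>
 * Without a <dispatcher> element the mapping covers client requests only,
 * not includes or forwards made on the server side.
 */
public class BlockDirectJspFilter implements Filter {
    // Assumed location of the JSPs that must not be requested directly.
    private static final String PROTECTED_PREFIX = "/actions/";

    public void init(FilterConfig config) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        // Path inside the webapp, already decoded by the container.
        String path = ((HttpServletRequest) req).getServletPath();
        if (path.startsWith(PROTECTED_PREFIX)) {
            // Direct request for an action JSP: answer as if it did not exist.
            ((HttpServletResponse) resp).sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, resp); // index.jsp and other pages pass through
    }

    public void destroy() { }
}
```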
