• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Disallow access to *.jsp

 
Edmund Yong
Ranch Hand
Posts: 164
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to disallow direct access to my JSPs. They are all mapped to *.do already, and access should be through *.do. So any request with *.jsp should be disallowed. I tried different combination of the below, but still can't get it to work.



Help is appreciated. Thanks!
 
Gowher Naik
Ranch Hand
Posts: 643
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
try
<url-pattern>*.jsp</url-pattern>
 
Gowher Naik
Ranch Hand
Posts: 643
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Below is complete fragment of web.xml for security.
Your web.xml fragment is incomplete.
 
Edmund Yong
Ranch Hand
Posts: 164
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
gowher, I tried your solution, but a dialog box pops up and asks me for user name and password. That's not what I want. Thanks.
 
Gowher Naik
Ranch Hand
Posts: 643
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
copy all files inside WEB-INF dir then user will not be able to access thoses files directly.
files outside WEB-INF dir are directly access But files inside WEB-INF cannot be directly accessed.
 
Edmund Yong
Ranch Hand
Posts: 164
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
copy all files inside WEB-INF dir then user will not be able to access thoses files directly.
files outside WEB-INF dir are directly access But files inside WEB-INF cannot be directly accessed.


Copying all JSPs inside WEB-INF doesn't seem like a good idea. We have already organized the JSPs into separate folders outside WEB-INF.
 
Arvind Giri
Ranch Hand
Posts: 91
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Try it:

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic