• Post Reply Bookmark Topic Watch Topic
  • New Topic

JSP and MVC (role or not a role ?)

 
heiner weilandt
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
i want to develop an web-application, which is made with the MVC-design.
all my request are managed by the controller-servlets and this dispatch the request to another servlets or a jsp. it works fine.
i have one problem:
if the "bad guy" calls the jsp directly it's works also without my controller-servlet and the security-checks.
- can i give the jsp and the servlet a role, so that only the controller can dispatch to a jsp ?
- servlet and a role works fine, but for a jsp i get different errors.....
- how can i solve this problem ? - is this the wrong solution ?

thanks a lot
heiner

[ October 22, 2002: Message edited by: heiner weilandt ]
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65530
108
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A very easy, and common way, to prevent JSP pages from being directly accessed via a browser URL is to place them under the WEB-INF folder. Such files are not directly addressable via URL.
hth,
bear
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!