• Post Reply Bookmark Topic Watch Topic
  • New Topic

Blocking jsp  RSS feed

 
rudresh kumar
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HI All,

I am trying to block the jsp's of one particular folder which is outside WEB-INF.
I don't want users to directly give the jsp name and get the page. In order to avoid this. i have put the following in web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureDesPages</web-resource-name>
<description>Security constraint for jsp pages</description>
<url-pattern>jsp/*.jsp</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>sensitive</role-name>
</auth-constraint>

But even then it is not working

can some one help me on solving this issue

Thanks
Rudresh
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66144
146
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The easiest way to do this is to move the folder to under WEB-INF, of course. Why can't you just do that?

Otherwise, you could employ a filter.
[ October 01, 2007: Message edited by: Bear Bibeault ]
 
rudresh kumar
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HI,

In that case i have to open few jsp's as pop up, if i put on web.xml then i hope it will not open.

Let me know few details on implementing Filter and i have some 200 jsp's is that fine to deploy Filters ?

Thanks
Rudresh
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by rudresh kumar:

In that case i have to open few jsp's as pop up, if i put on web.xml then i hope it will not open.


Opening a JSP as a popup is no different, as far as the server is concerned, than opening any other type of JSP. Any restriction that would keep the user from opening it by typing in the URL would also stop your browser from opening it as a popup.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!