2010/2/18 Cimballi :
> The default pattern is to put all JSPs under WEB-INF and so you force
> the call to an action to access them.
As I know, it works only under Tomcat - it isn't standard. Better
solution is to use security constraint section in web.xml
Access to JSP files
JSP
*.j
The default pattern is to put all JSPs under WEB-INF and so you force
the call to an action to access them.
Cimballi
On Wed, Feb 17, 2010 at 7:46 PM, Wong Chin Shin wrote:
> Hi,
>
> I've had a pen test finding where our JSP files, which are in the public
> directories of our web app can be open
Hi,
I've had a pen test finding where our JSP files, which are in the public
directories of our web app can be opened directly as long as the user knows
the name of the JSP file. This is a site where a login is mandatory to
access any content. Struts actions are already protected where the action
Issue registered: https://issues.apache.org/jira/browse/WW-3386
-Original Message-
From: Lukasz Lenart [mailto:lukasz.len...@googlemail.com]
Sent: Wednesday, February 17, 2010 11:44 AM
To: Struts Users Mailing List
Subject: Re: [Q] JavaTemplate Plugin
2010/2/17 Hoying, Ken :
> This end
2010/2/17 Hoying, Ken :
> This ended up being a little tougher to accomplish than I had expected.
>
> I tried to override the TemplateEngineManager by specifying the bean in my
> struts.xml file. However, struts did not like that there was one already
> loaded from the struts-default.xml.
>
> So
This ended up being a little tougher to accomplish than I had expected.
I tried to override the TemplateEngineManager by specifying the bean in my
struts.xml file. However, struts did not like that there was one already
loaded from the struts-default.xml.
So I created a copy of the struts-defa
6 matches
Mail list logo
