-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chuck,
Caldarale, Charles R wrote: >> From: Christopher Schultz [mailto:[EMAIL PROTECTED] >> Subject: Re: tomcat Webapp security. >> >> <servlet-mapping> >> <servlet-name>jsp</servlet-name> >> <url-pattern>*.jsp</url-pattern> >> </servlet-mapping> >> <servlet-mapping> >> <servlet-name>jsp</servlet-name> >> <url-pattern>*.jspx</url-pattern> >> </servlet-mapping> >> (Not sure why this mapping is in there twice, but whatever...) > > They are different mappings; using *.jsp* for the <url-pattern> may get > files that are not complete JSPs. Oh, hey. I just realized that the second was was ".jspx" instead of ".jsp". > IIRC, that won't work, since the DefaultServlet does not include the > <url-pattern> when it forms the path to the static content. I believe > you have to map everything but the static location(s) to the app's own > servlets, and then let the normal default pattern of "/" handle the > rest. (Haven't tried this in a while, so it might be different now.) > Could also subclass the default servlet, and implement your own doGet(), > etc., methods to include the <url-pattern>. Ugh. What about re-mapping the jsp-servlet to only process things in a subdir? Or, are we just fighting the wrong battle, here. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFtmRr9CaO5/Lv0PARApHXAJ9g6bjFH04WKAGoDgzECmQUgqsZTwCfY1WB fjZ9e7JtdU3ZHgc+BbnxoK0= =NdNg -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
