>From: michel [mailto:compu...@videotron.ca] >Subject: Re: WEB-INF > > >----- Original Message ----- >From: "Leo Donahue - PLANDEVX" <leodona...@mail.maricopa.gov> >To: "'Tomcat Users List'" <users@tomcat.apache.org> >Sent: Friday, September 10, 2010 10:13 AM >Subject: WEB-INF > > >I've read that you can secure direct access to a JSP by placing it in >the >WEB-INF directory. I know you can also secure direct access to a JSP by >creating a security constraint using URL patterns and assigning role >names >that do not exist. > >I've also "heard" that when you secure a URL using a security >constraint, >that you are not securing the "resource". > >Most of the time I struggle with the semantics of the words people >choose to >use when discussing certain points. > >Is there a difference between securing the URL and securing the >"resource"? > >Leo Donahue > > >---------------------------------------------------------------- > >Leo, what do you mean "direct access to a JSP"? You get direct access to >any >JSP if you specify the URL. > > >Michel >
---------------------------------------------------------------- Michel, I don't know. I'm trying to understand why there are so many of these kinds of questions. http://www.google.com/search?hl=en&q=prevent+direct+access+to+jsp&aq=0m&aqi=g-m1&aql=&oq=direct+access+to+j&gs_rfai= --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
