Leo, judging from the answers you've got, I think it may be better to state what you want to achieve. I'm not clear if you want to prevent access or allow access at the moment. Especially with the security role and no access.

Is it that you want to protect your source code? Prevent access, prevent access under certain circumstances? Or is it just you want the best way of not having something accessible through the outside world? Sorry if my questions don't make much sense.

Regards,
Wes

On Fri, Sep 10, 2010 at 4:35 PM, michel <compu...@videotron.ca> wrote:
>
> ----- Original Message ----- From: "Caldarale, Charles R"
> <chuck.caldar...@unisys.com>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Friday, September 10, 2010 10:32 AM
> Subject: RE: WEB-INF
>
>
>> From: michel [mailto:compu...@videotron.ca]
>> Subject: Re: WEB-INF
>
>> You get direct access to any JSP if you specify the URL.
>
> Not true. There is no direct client access to anything under WEB-INF.
>
> ------------------------------------------------------------------------------
> Chuck, do you mean things like URL rewrites and such are ignored if you put a JSP in
> WEB-INF?
> Michel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org