Mailing Lists: Apple Mailing Lists


Re: Ensuring that page is loaded through Servlet...



Joachim,

You can protect your JSP pages by putting them inside of a directory located inside of /WEB-INF. A name
like pages or protected would be good. This would yield a directory structure such as the one described
below:

                / <web application root>
                /WEB-INF
                    web.xml
                    /classes
                        ControllerServlet.class
                    /protected
                        blahblah.jsp
                        index.jsp
                        stuff.jsp

J2EE Servlet containers (Tomcat, Jetty, Resin, etc.) will serve up JSP pages inside of /WEB-INF via a forward,
but they will refuse to serve files from the WEB-INF directory directly via a GET or POST request.

Cheers,

Darnell Gadberry
Lecturer, Department of Computer Engineering & Computer Science
University of California, San Diego
dgadberry AT cs DOT ucsd DOT edu
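
An added example, not part of the original message: a controller servlet that forwards only to JSPs under /WEB-INF/protected, selecting them through a fixed allowlist so the page parameter never becomes a path. It assumes viewReport.jsp has been moved into that directory; the "user" session attribute and the page keys are hypothetical.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class ControllerServlet extends HttpServlet {
    // Assumed layout: all JSPs live under /WEB-INF/protected, so the
    // container will not serve them for a direct request.
    private static final String BASE = "/WEB-INF/protected/";

    // Fixed allowlist: the "page" parameter selects a key, never a path,
    // so a request cannot steer the forward to an arbitrary resource.
    private static final Map<String, String> PAGES;
    static {
        Map<String, String> m = new HashMap<String, String>();
        m.put("report", "viewReport.jsp"); // assumed to be moved under BASE
        m.put("index", "index.jsp");
        PAGES = Collections.unmodifiableMap(m);
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Hypothetical login check: a "user" attribute is set at login.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Missing or unknown page values map to null and get a 404.
        String jsp = PAGES.get(request.getParameter("page"));
        if (jsp == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        RequestDispatcher dispatcher =
                getServletContext().getRequestDispatcher(BASE + jsp);
        dispatcher.forward(request, response);
    }
}
```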

On May 27, 2005, at 7:39 PM, Joachim Haagen Bøe wrote:

Hello,

I have a simple controller servlet that verifies the query string, and dispatches different jsp files according to the specified queries. 

For instance 

site.com/ControllerServlet?page=report 

will forward the request to viewReport.jsp using the ServletContext:

ServletContext sc = getServletContext();
RequestDispatcher dispatcher = sc.getRequestDispatcher(dispatchURL);
dispatcher.forward(request, response);

Since the ControllerServlet controls the login of the webapp, I do not want anyone to be able to type in

site.com/viewReport.jsp and access this file.

Is there a way that I can ensure that the viewReport.jsp file will return an error unless it is loaded through the ControllerServlet?


Very Best Regards,
Joachim Haagen Bøe


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

References: 
 >Ensuring that page is loaded through Servlet... (From: Joachim Haagen Bøe <email@hidden>)


