canujohann/struts-1-avoid-jsp-access.md

Last active August 29, 2015 14:02

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/canujohann/a5eaaf0d00b0b04708b7.js"></script>
Save canujohann/a5eaaf0d00b0b04708b7 to your computer and use it in GitHub Desktop.

Download ZIP

Struts 1 : avoid direct access to JSP

Raw

struts-1-avoid-jsp-access.md

avoid direct access to JSP

Avoid direct access to JSP in put JSP files into the web/src/class, or add the below code to your web.xml file:

<security-constraint> 

  <web-resource-collection> 
    <web-resource-name>Deny Direct Access</web-resource-name> 
    <description></description> 
    <url-pattern>*.jsp</url-pattern> 
  </web-resource-collection> 
    
  <auth-constraint> 
    <role-name>Denied</role-name> 
  </auth-constraint> 
  
</security-constraint> 

<security-role> 
  <role-name>Denied</role-name> 
</security-role>