Re: prevent direct access to JSP
Robert Watkins wrote:
Tom Hawtin <usenet@tackline.plus.com> wrote in
news:46794827$0$8754$ed2619ec@ptn-nntp-reader02.plus.net:
Robert Watkins wrote:
Reading the API, it looks as if this should have been the behaviour
all along, but that's moot. The question is: How can I prevent direct
access to the JSP in another way?
Put the JSP under /WEB-INF/.
Tom Hawtin
Hmmm -- must be something I'm missing, because I get a 404 error:
The requested resource (/path/page.jsp) is not available.
Does the forward path have to change?
-- Robert
Tom Hawtin <usenet@tackline.plus.com> wrote in
>> Put the JSP under /WEB-INF/.
>>
>> Tom Hawtin
Robert Watkins wrote:
> Hmmm -- must be something I'm missing, because I get a 404 error:
>
> The requested resource (/path/page.jsp) is not available.
It is for the correct value of 'path'.
> Does the forward path have to change?
It has to include the WEB-INF/ path node.
Either:
RequestDispatcher dispatcher =
request.getRequestDispatcher( "/application/WEB-INF/page.jsp" );
or just
RequestDispatcher dispatcher =
request.getRequestDispatcher( "WEB-INF/page.jsp" );
I usually use relative paths (always down from current, never up).
BTW, if you had provided an SSCCE instead of paraphrasing as 'path',
'page.jsp', etc., you'd have had a much clearer question. Notice how
hand-waving over 'path' actually obscured the issue?
--
Lew