Web tier: servlets, JSP, Web frameworks: JSPs & Security??
What are the secrets to security with JSP's?
I am running netscape web server with JRUN app server, both on solaris..
How can I make my JSP's secure -...so users can't type in the JSP URL directly...
If you are using a recent version of JRun, you should be able to configure J2EE standard security through the web.xml file:
This example is for a servlet, but it can be used for JSP as well. Just make the <url-pattern> for your web resource match your JSP: *.jsp
is it that easy?
All I have to do is just declare a folder in the web.xml under security-constrainte and the web server does the rest??
it just blocks out the path specified?
is this how everyone does it?
Does my JSP have to have any code inside??