Secure jsp located outside war, using <security-constraint>

marinac Oct 20, 2006 3:50 AM

Hi,

Some of the jsp of a web application are outside the war, somewhere else on the server and I cannot move them inside the web app.

My question is how if I can secure them using <security-constraint> in web.xml and how should I write the <url-pattern> to them, if is it possible to do that.

<security-constraint>
<display-name>acces</display-name>
<web-resource-collection>
<web-resource-name>fullSite</web-resource-name>
<url-pattern>/opt/fatwire/Shared/elements/*</url-pattern>
<url-pattern>/jsp/cs_deployed/*</url-pattern>
<url-pattern>/targeting/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>

Thanks!

1. Re: Secure jsp located outside war, using <security-constrai

peterj Oct 20, 2006 10:16 AM (in response to marinac)

As far as I know, that is not possible. You can have an external directory (see http://wiki.jboss.org/wiki/Wiki.jsp?page=ExternalDirectories) but it is for static content (html, jpg, gif, etc) only, not for jsps.
Actions