[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - calling pages directly
wondermike
do-not-reply at jboss.com
Sat Aug 19 12:54:20 EDT 2006
Hello, I'd like to prevent a web user of calling an url like http://hostname/page.seam or even http://hostname/page.xhtml directly, instead, the only page he should call ist home.seam, the rest should go via buttons that call methods in manager beans. Those methods return an outcome which is then looked up in faces-config.xml.
I already tried to put the xhtml pages into the WEB-INF directory, but that didn't help, the pages couldn't be accessed anymore. They may be included, so if there's no way to configure the above, my question turns into a design question ... should I put everything into WEB-INF and include the pages I need?
What do I have to adjust in my web config in order to prevent accessing the pages directly?
My environment is:
jboss-4.0.4.GA
jboss-seam-1.0.1.GA
Here's my current web.xml:
| <?xml version="1.0" ?>
| <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
| version="2.4">
|
| <listener>
| <listener-class>org.jboss.seam.servlet.SeamListener</listener-class>
| </listener>
|
| <listener>
| <listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
| </listener>
|
| <context-param>
| <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
| <param-value>client</param-value>
| </context-param>
|
| <context-param>
| <param-name>facelets.DEVELOPMENT</param-name>
| <param-value>true</param-value>
| </context-param>
|
| <context-param>
| <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
| <param-value>.xhtml</param-value>
| </context-param>
|
| <!-- added by mk -->
| <context-param>
| <param-name>org.apache.myfaces.PRETTY_HTML</param-name>
| <param-value>true</param-value>
| </context-param>
|
| <!-- added by mk -->
| <context-param>
| <param-name>org.apache.myfaces.ALLOW_JAVASCRIPT</param-name>
| <param-value>true</param-value>
| </context-param>
|
| <!-- added by mk -->
| <context-param>
| <param-name>org.apache.myfaces.DETECT_JAVASCRIPT</param-name>
| <param-value>false</param-value>
| </context-param>
|
| <!-- added by mk -->
| <context-param>
| <param-name>org.apache.myfaces.AUTO_SCROLL</param-name>
| <param-value>false</param-value>
| </context-param>
|
| <filter>
| <filter-name>Seam Exception Filter</filter-name>
| <filter-class>org.jboss.seam.servlet.SeamExceptionFilter</filter-class>
| </filter>
|
| <filter>
| <filter-name>Seam Redirect Filter</filter-name>
| <filter-class>org.jboss.seam.servlet.SeamRedirectFilter</filter-class>
| </filter>
|
| <filter-mapping>
| <filter-name>Seam Exception Filter</filter-name>
| <url-pattern>/*</url-pattern>
| </filter-mapping>
|
| <filter-mapping>
| <filter-name>Seam Redirect Filter</filter-name>
| <url-pattern>*.seam</url-pattern>
| </filter-mapping>
|
| <servlet>
| <servlet-name>Faces Servlet</servlet-name>
| <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
| <load-on-startup>1</load-on-startup>
| </servlet>
|
| <servlet-mapping>
| <servlet-name>Faces Servlet</servlet-name>
| <url-pattern>*.seam</url-pattern>
| </servlet-mapping>
| </web-app>
|
Thanks for any hint/help!
Michael
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3966248#3966248
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3966248
More information about the jboss-user
mailing list