[jboss-user] [JBoss Seam] - Blocking direct access to .xhtml files
jazir1979
do-not-reply at jboss.com
Wed Sep 20 23:42:10 EDT 2006
Hi all,
I've noticed in my own app and in the booking example that if you know the name of the underlying .xhtml files, you can hit them directly in your browser and download the source.
eg: http://localhost:8080/seam-booking/home.xhtml
What is the recommended way of blocking this so that only .seam actions are handled? Should I have a servlet mapping for *.xhtml that returns a 404, or will this interfere with the workings of Seam?
I think it's a bit of a hole in a webapp to have the template files directly accessible like this.
cheers,
Daniel.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3973140#3973140
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3973140
More information about the jboss-user
mailing list