A little background:
I have Front-Controller Servlet that fowards all requests to jsp's located outside the
application war. So, for example,
http://localhost/myapp/test.jsp is actually a jsp
located at (on windows) c:/content/client1/pages/test.jsp. I accomplish by doing the
following:
| ServletConfig currentConfig = getServletConfig();
| ServletContext otherContext =
currentConfig.getServletContext().getContext("/otherapp");
| RequestDispatcher dispatch = otherContext.getRequestDispatcher(page);
| dispatch.forward(request, response);
|
The issue is that I have the following in my web.xml:
| ...
| <servlet>
| <servlet-name>FrontServletController</servlet-name>
|
<servlet-class>com.diginsite.product.webcenter.website.FileController</servlet-class>
| </servlet>
| <servlet-mapping>
| <servlet-name>FrontServletController</servlet-name>
| <url-pattern>*.jsp</url-pattern>
| </servlet-mapping>
| <jsp-config>
| <jsp-property-group>
| <url-pattern>*.jsp</url-pattern>
| <scripting-invalid>true</scripting-invalid>
| </jsp-property-group>
| </jsp-config>
| ...
|
However, the c:/content/client1/pages/test.jsp file does contain a scriptlet and it is
working fine.
I've attempted changing the url pattern of the jsp-property-group directly to
/*/*/*/test.jsp with no luck as well as changing the url-pattern of the servlet to
*.myext.
-------------------------------------------------------------------------------------
Since the "otherapp" doesn't contain a web.xml I decided to try and modify
the $JBOSS_HOME/server/myapp/deploy/jbossweb-tomcat55.sar/conf/web.xml to include:
<jsp-config>
| <jsp-property-group>
| <url-pattern>*.jsp</url-pattern>
| <scripting-invalid>true</scripting-invalid>
| </jsp-property-group>
| </jsp-config>
This doesn't work either. Any other ideas of how I can prevent any jsp from
containing scriptlets.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4042442#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...