[jboss-user] [Beginners Corner] - Prevent Scriptlets

Erron do-not-reply at jboss.com
Wed May 2 10:25:09 EDT 2007 

A little background:

I have Front-Controller Servlet that fowards all requests to jsp's located outside the application war. So, for example, http://localhost/myapp/test.jsp is actually a jsp located at (on windows) c:/content/client1/pages/test.jsp.  I accomplish by doing the following:


  | ServletConfig currentConfig = getServletConfig();
  | ServletContext otherContext = currentConfig.getServletContext().getContext("/otherapp");
  | RequestDispatcher dispatch = otherContext.getRequestDispatcher(page);
  | dispatch.forward(request, response);
  | 

The issue is that I have the following in my web.xml:

  | ...
  | <servlet>
  | <servlet-name>FrontServletController</servlet-name>
  | <servlet-class>com.diginsite.product.webcenter.website.FileController</servlet-class>
  | </servlet>
  | <servlet-mapping>
  | <servlet-name>FrontServletController</servlet-name>
  | <url-pattern>*.jsp</url-pattern>
  | </servlet-mapping>
  | <jsp-config>
  | <jsp-property-group>
  | <url-pattern>*.jsp</url-pattern>
  | <scripting-invalid>true</scripting-invalid>
  | </jsp-property-group>
  | </jsp-config>
  | ...
  | 

However, the c:/content/client1/pages/test.jsp file does contain a scriptlet and it is working fine. 

I've attempted changing the url pattern of the jsp-property-group directly to /*/*/*/test.jsp with no luck as well as changing the url-pattern of the servlet to *.myext.

-------------------------------------------------------------------------------------

Since the "otherapp" doesn't contain a web.xml I decided to try and modify the $JBOSS_HOME/server/myapp/deploy/jbossweb-tomcat55.sar/conf/web.xml to include:
<jsp-config>
  | <jsp-property-group>
  | <url-pattern>*.jsp</url-pattern>
  | <scripting-invalid>true</scripting-invalid>
  | </jsp-property-group>
  | </jsp-config>
This doesn't work either.  Any other ideas of how I can prevent any jsp from containing scriptlets.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4042442#4042442

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4042442

More information about the jboss-user mailing list