[jboss-user] [JBoss Portal] - Re: Best practice: secure direct web app access

PeterJ do-not-reply at jboss.com
Thu Mar 20 13:33:26 EDT 2008

Any content you reference in your portlet code (within Java or a JSP) you can place into WEB-INF, but anything that will be referenced via a URL embedded in an html document sent to the browser will need to remain outside of WEB-INF. Thus you might have to leave the css, javascripts and images outside WEB-INF. One possible alternative is to place these items into CMS and access them from there; you can even apply access control to them so they cannot be accessed except by people logged into the portal.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4138111#4138111

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4138111

More information about the jboss-user mailing list