Pablitron
Mar 17th, 2006, 08:43 AM
Hi everybody!
This is my first post here...
I'm building a web application using Spring MVC and I'd like to forbid direct access to its JSP pages (that is, by specifying their path inside the web root), which should only be reached through a logical name defined with an UrlMapper.
I'm searching for a solution that doesn't force me to move the pages into the WEB-INF folder (the project has already been deployed in a production system and I'd like to avoid big refactoring operations), so I tried to control the access by adding an interceptor to the SimpleUrlHandlerMapping with a preHandle method to block requests to .jsp resources:
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Any URL containing ".jsp" is treated as a direct call to a page
        if (request.getRequestURL().indexOf(".jsp") != -1) {
            logger.error("Direct call to page: " + request.getRequestURL());
            // Send the caller to the error handler and stop processing
            request.getRequestDispatcher("/error.one").forward(request, response);
            return false;
        }
        return true;
    }
Obviously, web.xml has been configured to let the Spring DispatcherServlet manage both the .jsp and the .myApp resources:
    <servlet-mapping>
        <servlet-name>springDispatcherServlet</servlet-name>
        <url-pattern>*.myApp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>springDispatcherServlet</servlet-name>
        <url-pattern>*.jsp</url-pattern>
    </servlet-mapping>
But this solution gives me problems, since now the server can't find the resources corresponding to the view responses of my application, defined in this way:
    <bean name="errorResponse" class="org.springframework.web.servlet.view.JstlView">
        <property name="url">
            <value>jsp/errorResponse.jsp</value>
        </property>
    </bean>
    <bean name="login" class="org.springframework.web.servlet.view.JstlView">
        <property name="url">
            <value>jsp/login/login.jsp</value>
        </property>
    </bean>
This is the message returned by the server:
2006-03-17 14:33:08,818] [WARN ] [DispatcherServlet.java] [noHandlerFound] [833] No mapping for [/myApplication/jsp/login/login.jsp] in DispatcherServlet with name 'dispatcher-servlet'
Is anybody able to help me?
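Added example, not part of the original post: a web.xml-only way to block direct JSP requests without moving the pages. It drops the *.jsp mapping on the DispatcherServlet (that mapping routes the view's internal forward back into Spring, which is what produces the "No mapping" warning) and relies on the Servlet rule that security constraints apply to client requests but not to RequestDispatcher forwards. Assumptions: a Servlet 2.3+ container, views stored under /jsp/ as in the bean definitions above, and /error.one (taken from the interceptor) being a mapped error handler.

```xml
<!-- Added example (web.xml fragment); element order follows the 2.3 DTD. -->

<!-- The DispatcherServlet handles only the application's own extension. -->
<servlet-mapping>
    <servlet-name>springDispatcherServlet</servlet-name>
    <url-pattern>*.myApp</url-pattern>
</servlet-mapping>

<!-- Weak setting, removed: with *.jsp mapped to the DispatcherServlet,
     JstlView's forward to jsp/login/login.jsp never reaches the
     container's JSP servlet, so no page can be rendered.
<servlet-mapping>
    <servlet-name>springDispatcherServlet</servlet-name>
    <url-pattern>*.jsp</url-pattern>
</servlet-mapping>
-->

<!-- Optional: show the application's error page instead of the
     container's default 403 page. /error.one is assumed to be mapped. -->
<error-page>
    <error-code>403</error-code>
    <location>/error.one</location>
</error-page>

<!-- Corrected setting: an empty auth-constraint names no roles, so every
     client request matching these patterns is refused, for all HTTP
     methods. Internal forwards and includes are not subject to security
     constraints, so controllers can still render the views. -->
<security-constraint>
    <display-name>No direct JSP access</display-name>
    <web-resource-collection>
        <web-resource-name>JSP views</web-resource-name>
        <!-- Any JSP anywhere in the web root -->
        <url-pattern>*.jsp</url-pattern>
        <!-- Everything under the view directory, whatever its extension
             (assumes all views live under /jsp/) -->
        <url-pattern>/jsp/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>
```

With this in place the preHandle interceptor is no longer needed: a browser request for /jsp/login/login.jsp is refused by the container with 403, while the forward issued by JstlView still reaches the page.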