| Yazar |
|
onur
Two Story Town
Kayıt: 14.01.2006 |
|
Sunu bir dene istersen :
http://shrubbery.mynetgear.net/wiki/Prevent_access_to_include_files
Prevent access to all files in a directory
Fortunately, the solution is very easy: Add security constraint in WEB-INF/web.xml. For example, say you have a web application with some template files in a '/inc' directory. The security constraint would look like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>Include files</web-resource-name>
<description>No direct access to include files.</description>
<url-pattern>/inc/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>No direct browser access to include files.</description>
<role-name>NobodyHasThisRole</role-name>
</auth-constraint>
</security-constraint>
|
|
|
| Yazar |
|
omergok
kenderuntanbul
Kayıt: 21.02.2007 |
|
abi cevap için çok sağol çalışıyor tıkır tıkır ama eclipse hata var gibi gösteriyor.
<role-name> tag'inin olduğu satır sorunlu görünüyor.
Severity and Description Path Resource Location Creation Time Id
CHKJ3020E: Invalid Security role-name: NobodyHasThisRole. og/WebContent/WEB-INF web.xml org.eclipse.jst.j2ee.webapplication.internal.impl.AuthConstraintImpl@19320cf (description: null, roles: [NobodyHasThisRole]) 1207289205936 17
xml'i pek bilmediğimden sorunun ne olduğunu çözemedim.
|
|
|
| Yazar |
|
orhan
istanbul
admin
Kayıt: 17.11.2005 |
|
include edeceğin sayfaların uzantılarını jsp yapman doğru değil çünkü o sayfalar çalıştırılabilir olmamalı. Uzantılarını *.inc yapmanda fayda var.
<security-constraint>
<display-name>Restrict inc files</display-name>
<web-resource-collection>
<web-resource-name>INC</web-resource-name>
<url-pattern>*.inc</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>NONE</role-name>
</auth-constraint>
</security-constraint>
gibi farklı birşey yapacaksan bu include sayfalarını bir dizin altına toplamalısın.
<security-constraint>
<display-name>Restrict inc files</display-name>
<web-resource-collection>
<web-resource-name>INC</web-resource-name>
<url-pattern>/includes/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>NONE</role-name>
</auth-constraint>
</security-constraint>
N/A
|
|
|
| Yazar |
|
nightwalker
Kayıt: 08.02.2006 |
|
selamlar,
gmail,yahoo veya hotmail (tercihen gmail :) ) hesabındaki kullanıcı adı ve sifresini kullanarak JSP uzerinden herhangi bir adrese nasıl mail gonderimi yapabilirim?
biraz arastırdım ama buldugum orneklerde sadece kimden, kime, subject ve mesaj alanları var yani sifre kullanımı falan yok sanırım kendi serverımız icin gecerli bunlar.
simdiden tesekkur ederim
|
|
|
| Yazar |
|
orhan
istanbul
admin
Kayıt: 17.11.2005 |
|
http://www.velocityreviews.com/forums/t141237-send-smtp-mail-using-javamail-with-gmail-account.html
N/A
|
|
|
| Yazar |
|
orhan
istanbul
admin
Kayıt: 17.11.2005 |
|
yahoo ve hotmail web tabanlı posta sunucularıdır. smtp, imap ve protokolleri (ücretsiz) kullnmanıza izin vermiyorlar.
N/A
|
|
|
| Yazar |
|
omergok
kenderuntanbul
Kayıt: 21.02.2007 |
|
abi senin verdiğin xml kodu da çalışıyor çalışmasına ama eclipse üzerinde web.xml dosyasında hata gösteriyor. role name tag'i hatalı diyor.
|
|
|
| Yazar |
|
orhan
istanbul
admin
Kayıt: 17.11.2005 |
|
xml dosyasını deklare ederken tepesine
<?xml version="1.0" ?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
yazman lazım.
N/A
|
|
|
| Yazar |
|
omergok
kenderuntanbul
Kayıt: 21.02.2007 |
|
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<display-name>og</display-name>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>
javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>Restrict inc files</display-name>
<web-resource-collection>
<web-resource-name>INC</web-resource-name>
<url-pattern>/inc/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>NONE</role-name>
</auth-constraint>
</security-constraint>
</web-app>
hala aynı abi
|
|
|
| Yazar |
|
orhan
istanbul
admin
Kayıt: 17.11.2005 |
|
dökümantasyonda var. orada bir validator hatası var gibi duruyor. görmezden gelecen artık. :)
<xsd:complexType name="auth-constraintType">
<xsd:annotation>
<xsd:documentation>
The auth-constraintType indicates the user roles that
should be permitted access to this resource
collection. The role-name used here must either correspond
to the role-name of one of the security-role elements
defined for this web application, or be the specially
reserved role-name "*" that is a compact syntax for
indicating all roles in the web application. If both "*"
and rolenames appear, the container interprets this as all
roles. If no roles are defined, no user is allowed access
to the portion of the web application described by the
containing security-constraint. The container matches
role names case sensitively when determining access.
</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="description"
type="javaee:descriptionType"
minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="role-name"
type="javaee:role-nameType"
minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:ID"/>
</xsd:complexType>
<!-- **************************************************** -->
<xsd:complexType name="auth-methodType">
<xsd:annotation>
<xsd:documentation>
The auth-methodType is used to configure the authentication
mechanism for the web application. As a prerequisite to
gaining access to any web resources which are protected by
an authorization constraint, a user must have authenticated
using the configured mechanism. Legal values are "BASIC",
"DIGEST", "FORM", "CLIENT-CERT", or a vendor-specific
authentication scheme.
Used in: login-config
</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="javaee:string"/>
</xsd:simpleContent>
</xsd:complexType>
N/A
|
|
|
| Yazar |
|
omergok
kenderuntanbul
Kayıt: 21.02.2007 |
|
tamam abi eyvallah (:
|
|
|
| Yazar |
|
neozepron
Ayd?n
Kayıt: 18.01.2006 |
|
Selamlar,
ben jsp'de mail yollamak istiyorum. Orhan'ın verdiği linke baktım ama çalıştıramadım. Sanırım Apache'de gerekli jar dosyaları yer almıyor. Aşağıdaki hatayı veriyor sayfa. Bununla ilgili hangi jar dosyalarını indirebilirim?
An error occurred at line: 10 in the generated java file
Only a type can be imported. javax.mail.Message resolves to a package
An error occurred at line: 11 in the generated java file
Only a type can be imported. javax.mail.MessagingException resolves to a package
An error occurred at line: 12 in the generated java file
Only a type can be imported. javax.mail.PasswordAuthentication resolves to a package...
|
|
|
| Yazar |
|
orhan
istanbul
admin
Kayıt: 17.11.2005 |
|
java.sun.com/products/javamail/
şuradan gerekli jar ları indirip. web-inf/lib altına kopyalarsan düzelir.
N/A
|
|
|
| Yazar |
|
neozepron
Ayd?n
Kayıt: 18.01.2006 |
|
Sorun çözüldü. Teşekkürler Orhan :)
|
|
|
|
|
-
 Del.icio.us
-
 Digg
-
 Facebook
-
 Furl
-
 Google
-
 Blink
-
 Simpy
-
 Spurl
-
 Y! MyWeb
|
|
| | | | | | | | | | |
