htm
GETPOST
fileman_user
fileman_user
30
CHAPTER 6 ■ REMOTELY MANAGING YOUR FILES: DWR FILE MANAGER 275
index.jsp
With regard to the security setup, the way I chose to do it is to be as explicit as possible, so
I actually protected each and every HTML and JSP file, save those used during login. Things
could have been organized differently, perhaps in a subdirectory where all the protected
resources go, which would have reduced all of that to a single constraint, but this way there's
no doubt about a mapping being incorrect. Also note that unlike DWiki, I've constrained both
HTTP GET and POST methods. Especially for the file upload JSP, this is important because if just
GET were constrained, then a nonauthorized user would still be able to upload a file! That
clearly would not be a good thing, and that goes for downloading files more so, which is why
that JSP is similarly protected (in fact, they all are constrained on both methods, which is
probably a little overly anal; but again, this is a potentially very dangerous application, so we
want to be as vigilant as possible).
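The check below is an added example, not code from the book: it parses a deployment descriptor and reports every protected URL pattern where GET or POST is left outside the authorization constraint, which is the gap described above. The descriptor is constructed for illustration and its JSP names are hypothetical; only the role name fileman_user comes from the page.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor (not the book's listing). fileman_user is the role
# named on the page; the JSP names below are hypothetical.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>weak: GET only</web-resource-name>
      <url-pattern>/upload.jsp</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>fileman_user</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>both methods listed</web-resource-name>
      <url-pattern>/download.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>fileman_user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def _texts(elem, name):
    return {c.text.strip() for c in elem if _local(c.tag) == name and c.text}

def uncovered_methods(web_xml, required=("GET", "POST")):
    """Return {url-pattern: [required methods no auth constraint covers]}."""
    covered = {}
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        if not any(_local(c.tag) == "auth-constraint" for c in sc):
            continue  # no role requirement, so nothing is protected here
        for wrc in (c for c in sc if _local(c.tag) == "web-resource-collection"):
            listed = _texts(wrc, "http-method")
            # With no <http-method>, every method is covered except omissions.
            cov = listed or set(required) - _texts(wrc, "http-method-omission")
            for pattern in _texts(wrc, "url-pattern"):
                covered.setdefault(pattern, set()).update(cov)
    gaps = {p: sorted(set(required) - m) for p, m in covered.items()}
    return {p: g for p, g in gaps.items() if g}

if __name__ == "__main__":
    print(uncovered_methods(SAMPLE_WEB_XML))
```

Listing methods constrains only those methods, so passing a longer `required` tuple (for example adding PUT and DELETE) shows what an explicit GET and POST list still leaves open.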