Why can't we access resources using URL, inside the WEB-INF or META-INF folders

 
Anil Sharma
Greenhorn
Posts: 15
Hi All,
I have recently joined this group.
I want to know: "Why can't we access resources directly that are inside the WEB-INF or META-INF folders?"
But we can access all resources that are outside these folders using a URL.

Anil Sharma
SCJP 1.4
SCWCD 1.4(Preparing)
 
Reza Ravasizadeh
Ranch Hand
Posts: 177
Because there are things that the web client doesn't need to access, and accessing them is dangerous for the web application.
Now just assume there is some configuration that the client shouldn't be aware of; then when you go a little deeper you will realize it.
 
Kuppusamy Venkatasubramanian
Ranch Hand
Posts: 91
Hi,

Besides those inside WEB-INF and META-INF, you need to protect the resources outside WEB-INF, or else the client browser will display the contents of your webapp, which in most cases will be JSP files. This will happen when the client types the URL only up to the webapp name, like http://localhost:8080/testapp. This can be protected by defining a welcome-file list for the web-app.

SAM..
 
Hong Anderson
Ranch Hand
Posts: 1936
That is a protected area; you can put resources there that you don't want the client to access directly.
 
Anil Sharma
Greenhorn
Posts: 15
Hi,
Thanks for your valuable suggestions.

I know that we can't access resources inside WEB-INF directly using a URL, in order to protect them.
I think the way in which I put my question was not correct.

I should have asked: "What things (factors) are responsible for preventing access to resources inside WEB-INF in the web application?" Is there any mapping defined in the server for that, or what?

Please send your valuable suggestions.
 
Bimal Patel
Ranch Hand
Posts: 130
Hi Anil,

I think this is defined in the specs. It may depend on the container implementation, i.e. how it is made inaccessible may be vendor specific.
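
An added illustration, not part of the thread and not any container's actual code, of the kind of check a servlet container can apply before serving a file, given that the servlet specification requires direct requests for WEB-INF content to be answered with 404. The class and method names are hypothetical, and the path is assumed to be already percent-decoded and relative to the web application root.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Locale;

public class ProtectedPathCheck {

    // Collapse empty, "." and ".." segments so the check sees the path
    // that would actually be resolved inside the web application.
    static String normalize(String path) {
        Deque<String> stack = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) {
                if (!stack.isEmpty()) stack.removeLast();
                continue;
            }
            stack.addLast(seg);
        }
        return "/" + String.join("/", stack);
    }

    // True when the path points at or below WEB-INF or META-INF.
    // Compared case-insensitively because some file systems ignore case.
    static boolean isProtected(String contextRelativePath) {
        String p = normalize(contextRelativePath).toLowerCase(Locale.ROOT);
        return p.equals("/web-inf") || p.startsWith("/web-inf/")
            || p.equals("/meta-inf") || p.startsWith("/meta-inf/");
    }

    public static void main(String[] args) {
        // Constructed sample request paths, relative to the web application root.
        String[] samples = {
            "/index.jsp",
            "/WEB-INF/web.xml",
            "/web-inf/classes/app.properties",
            "/images/../WEB-INF/web.xml",
            "/META-INF/MANIFEST.MF",
            "/WEB-INFO/page.html"
        };
        for (String s : samples) {
            // Protected paths are refused; the rest go on to normal servlet mapping.
            System.out.println((isProtected(s) ? "refuse (404)  " : "serve normally ") + s);
        }
    }
}
```

Server-side code is not subject to this check: a servlet can still forward to a JSP under WEB-INF with a RequestDispatcher or read a file there through ServletContext.getResourceAsStream.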
 
Rafi Fareen
Ranch Hand
Posts: 75
Anil Sharma wrote:
Hi,
Thanks for your valuable suggestions.

I know that we can't access resources inside the WEB-INF by directly using URL to protect them.
I think the way which I put my question is not correct.

I should ask like "what things (factors) are responsible to prevent the access of resources inside WEB-INF in the web application?" Is there any mapping defined in the server for that or what?

Please send your valuable suggestions.


Anil, that is a nice question.
Java SecurityManager is the one responsible for making this rule, by granting permission to WEB-INF in policy file format.
It looks like you can give the capability given to WEB-INF to your desired directory by editing the
$CATALINA_HOME/conf/catalina.policy file.
For more information go through this link (it's interesting):
apache tomcat-java SecurityManager


 
Christophe Verré
Sheriff
Posts: 14691
Anil not being around since 2007, I doubt he's going to see your answer. But who knows?
Please check this FAQ.
 
Rafi Fareen
Ranch Hand
Posts: 75
Christophe Verré wrote:
Anil not being around since 2007, I doubt he's going to see your answer. But who knows ?
Please check this FAQ.


I didn't see the date for the question.
 