Hi All, I have recently joined this group. I want to know "Why can't we access resources directly that are inside the WEB-INF or META-INF folders?" when we can access all resources that are outside these folders using a URL.
Because there are things that the web client doesn't need to access, and accessing them is dangerous for the web application. Now just assume there is some configuration that the client shouldn't be aware of; when you go a little deeper you will realize it.
Besides those inside WEB-INF and META-INF, you need to protect the resources outside WEB-INF, or else the client browser will display the contents of your webapp, which in most cases will be JSP files. This will happen when the client types the URL up to the webapp name, like http://localhost:8080/testapp. This can be protected by defining a welcome-file list for the web-app.
SCJP1.4, SCBCD 1.3, SCWCD 1.4, SCEA 5, JLPT-N3
Anil Sharma wrote: Hi,
Thanks for your valuable suggestions.
I know that we can't access resources inside the WEB-INF by directly using URL to protect them.
I think the way which I put my question is not correct.
I should ask like "what things (factors) are responsible for preventing access to resources inside WEB-INF in the web application?" Is there any mapping defined in the server for that or what?
Please send your valuable suggestions.
Anil, that is a nice question.
JavaSecurityManager is the one responsible for making this rule by granting permission to WEB-INF in policy file format.
Looks like you can give the capability that is given to WEB-INF to your desired directory by editing:
For more information, go through this link (it's interesting):
apache tomcat-java SecurityManager