aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Why can't we access  resources using URL,  inside the WEB-INF or META-INF folders Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Why can Watch "Why can New topic
Author

Why can't we access resources using URL, inside the WEB-INF or META-INF folders

Anil Sharma
Greenhorn

Joined: Nov 07, 2005
Posts: 15
Hi All,
I am recently joined this group.
I want to know that "Why can't we access resources directly that are inside the WEB-INF or META-INF folders?"
but we can access all resoureces that are outside this folder using URL.

Anil Sharma
SCJP 1.4
SCWCD 1.4(Preparing)


Anil Sharma<br />SCJP 1.4, SCWCD 1.4(Preparing)
Reza Ravasizadeh
Ranch Hand

Joined: Jun 08, 2004
Posts: 177
Because there were a things that web client don't need to access and access them is dangerous for web application.
now just assume there were some configuration that client shouldn't be aware from them then when you go a little deeper you realize it.


Reza
Kuppusamy Venkatasubramanian
Ranch Hand

Joined: Dec 30, 2004
Posts: 91
Hi,

Besides those inside WEB-INF and META-INF, you need to protect those resources outside WEB-INF else the client browser will be displaying the contents of your webapp which in most cases will be JSP files. This will happen when the client types the url until the webapp name like http://localhost:8080/testapp. This can be protected by defining a welcome-file list for the web-app.

SAM..


SCJP1.4, SCBCD 1.3, SCWCD 1.4, SCEA 5, JLPT-N3
My Blog
Hong Anderson
Ranch Hand

Joined: Jul 05, 2005
Posts: 1936
That is protected area, you can put resources that you don't want client access it directly.


SCJA 1.0, SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCJP 5.0, SCEA 5, SCBCD 5; OCUP - Fundamental, Intermediate and Advanced; IBM Certified Solution Designer - OOAD, vUML 2; SpringSource Certified Spring Professional
Anil Sharma
Greenhorn

Joined: Nov 07, 2005
Posts: 15
Hi,
Thanks for your valuable suggestions.

I know that we can't access resources inside the WEB-INF by directly using URL to protect them.
I think the way which I put my question is not correct.

I should ask like �what things (factors) are responsible to prevent the access of resources inside WEB-INF in the web application?� Is there any mapping defined in the server for that or what?

Please send your valuable suggestions.
Bimal Patel
Ranch Hand

Joined: Aug 29, 2003
Posts: 130
Hi Anil,

I think this is defined in the specs. It may depend on the container implementetion i.e. how it is not accessible may be vendor specific.


Work Hard, Expect The Worst...<br /> <br />Bimal R. Patel<br />(SCJP 1.2, SCWCD 1.4)
Rafi Fareen
Ranch Hand

Joined: Aug 28, 2009
Posts: 75
Anil Sharma wrote:Hi,
Thanks for your valuable suggestions.

I know that we can't access resources inside the WEB-INF by directly using URL to protect them.
I think the way which I put my question is not correct.

I should ask like �what things (factors) are responsible to prevent the access of resources inside WEB-INF in the web application?� Is there any mapping defined in the server for that or what?

Please send your valuable suggestions.


Anil that is a nice questions.
Java SecurityManager is the one responsible for making this rule by granting permission to WEB-INF in policy file format.
looks like you can give such capability given to WEB-INF to your desired directory by editing :
$CATALINA_HOME/conf/catalina.policy file.
for more information go through this link (its interesting)
apache tomcat-java SecurityManager


Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

Anil not being around since 2007, I doubt he's going to see your answer. But who knows ?
Please check this FAQ.


[My Blog]
All roads lead to JavaRanch
Rafi Fareen
Ranch Hand

Joined: Aug 28, 2009
Posts: 75
Christophe Verré wrote:Anil not being around since 2007, I doubt he's going to see your answer. But who knows ?
Please check this FAQ.


i didn't see the date for the questions.
 
 
subject: Why can't we access resources using URL, inside the WEB-INF or META-INF folders