File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

WEB_INF

 
Anthony Smith
Ranch Hand
Posts: 285
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I got a jsp page in the following dir structure...
WEB-INF/templates/jsp/navigations/test.jsp
How do I make a link to a jsp(test2.jsp) in that same dir.
ie. <a href="test2.jsp">Link</a>
does not link me to the right place.
 
dagmar timler
Greenhorn
Posts: 11
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Two Questions first:
(1) are you using tomcat?
(2) why are your jsp files under the WEB-INF folder?
<splurb>
As far as I would figure, this isn't the right place for them - I may stand to be corrected. Rather put them in the folder for your web app in the webapps folder and then you should be able to link to them how you mentioned.
</splurb>
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17641
39
Android Eclipse IDE Linux
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
WEB-INF is about as wrong a place as you can get - it's supposed to be inaccessible for presentation. WEB-INF is where the class files, libraries, config files, resources, and other "invisible" support stuff goes. JSP's should go in the project root (at the SAME level as WEB-INF, not INSIDE it). Or in user-defined subdirectories of the root, if there's a need to divide them up.
 
Anthony Smith
Ranch Hand
Posts: 285
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I wanted to make my jsp pages secure. How can I go about doing that?
 
Ashik Uzzaman
Ranch Hand
Posts: 2373
Eclipse IDE Firefox Browser Java
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Very old but useful post. I tried to keep my javadoc API in a project preparing a directory structure as /WEB-IBF/api and found my tomcat can't access them through a simple URL. But it works fine out of WEB-INF directory. I tested it a few days ago using Tomcat 4.1.24.
I would like to know if there is any specification for the servlet/JSP containers that it won'y allow HTML or JSP files to access and process from within WEB-INF directory?
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I can't quote anything concrete, but my understanding is that this is a bit of a grey area.
Web containers are not allowed to serve requests from the web-inf directory, but it is the interpretation of this meaning that is apparently different between servers.
When I took the time to search the Tomcat code (I'm not sure of the version), I found it blocks all access to the web-inf directory in the container.
I've heard rumours that some servers allow include and forward calls to be made to resources in the web-inf directory, but I've never been able to verify this behaviour. My preference for protecting JSPs is to place them in a separate directory (eg /jsps) and prevent them being served directly using the web server.
 
Pradeep bhatt
Ranch Hand
Posts: 8927
Firefox Browser Java Spring
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've heard rumours that some servers allow include and forward calls to be made to resources in the web-inf directory, but I've never been able to verify this behaviour.

Yes, you are right.
http://www.onjava.com/pub/a/onjava/2002/10/30/jakarta.html?page=3

ABCD, EFG, HIJK, LMNOP ..Do you want me continue the sequence

[ September 05, 2003: Message edited by: Pradeep Bhat ]
[ September 05, 2003: Message edited by: Pradeep Bhat ]
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the link, I appreciate it!
A final comment when storing your JSPs underneath WEB-INF: not all containers support this feature. Earlier versions of WebLogic did not interpret the Servlet specification the same as others, and it was not possible to do this. This is reported to be changed with newer versions of WebLogic. Just be sure to check your specific container.

I've been bitten too many times by non-specific behaviour like this ever use it in production. Not only is it vendor specific, but it is the sort of thing that varies between versions too, and will not be part of the documentation. You won't know if it works in the next product till you try it - not very stable for production code!
I'll still push the web server as the place to put this rule.
Dave
( Do you want me continue the sequence )
 
Pradeep bhatt
Ranch Hand
Posts: 8927
Firefox Browser Java Spring
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It did not work for me in weblogic 7.0
( Do you want me continue the sequence )

Yes, please do that.
[ September 05, 2003: Message edited by: Pradeep Bhat ]
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic