File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes WEB_INF Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "WEB_INF" Watch "WEB_INF" New topic
Author

WEB_INF

Anthony Smith
Ranch Hand

Joined: Sep 10, 2001
Posts: 285
I got a jsp page in the following dir structure...
WEB-INF/templates/jsp/navigations/test.jsp
How do I make a link to a jsp(test2.jsp) in that same dir.
ie. <a href="test2.jsp">Link</a>
does not link me to the right place.
dagmar timler
Greenhorn

Joined: Nov 16, 2001
Posts: 11
Two Questions first:
(1) are you using tomcat?
(2) why are your jsp files under the WEB-INF folder?
<splurb>
As far as I would figure, this isn't the right place for them - I may stand to be corrected. Rather put them in the folder for your web app in the webapps folder and then you should be able to link to them how you mentioned.
</splurb>
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16305
    
  21

WEB-INF is about as wrong a place as you can get - it's supposed to be inaccessible for presentation. WEB-INF is where the class files, libraries, config files, resources, and other "invisible" support stuff goes. JSP's should go in the project root (at the SAME level as WEB-INF, not INSIDE it). Or in user-defined subdirectories of the root, if there's a need to divide them up.


Customer surveys are for companies who didn't pay proper attention to begin with.
Anthony Smith
Ranch Hand

Joined: Sep 10, 2001
Posts: 285
I wanted to make my jsp pages secure. How can I go about doing that?
Ashik Uzzaman
Ranch Hand

Joined: Jul 05, 2001
Posts: 2370

Very old but useful post. I tried to keep my javadoc API in a project preparing a directory structure as /WEB-IBF/api and found my tomcat can't access them through a simple URL. But it works fine out of WEB-INF directory. I tested it a few days ago using Tomcat 4.1.24.
I would like to know if there is any specification for the servlet/JSP containers that it won'y allow HTML or JSP files to access and process from within WEB-INF directory?


Ashik Uzzaman
Senior Member of Technical Staff, Salesforce.com, San Francisco, CA, USA.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I can't quote anything concrete, but my understanding is that this is a bit of a grey area.
Web containers are not allowed to serve requests from the web-inf directory, but it is the interpretation of this meaning that is apparently different between servers.
When I took the time to search the Tomcat code (I'm not sure of the version), I found it blocks all access to the web-inf directory in the container.
I've heard rumours that some servers allow include and forward calls to be made to resources in the web-inf directory, but I've never been able to verify this behaviour. My preference for protecting JSPs is to place them in a separate directory (eg /jsps) and prevent them being served directly using the web server.
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8919

I've heard rumours that some servers allow include and forward calls to be made to resources in the web-inf directory, but I've never been able to verify this behaviour.

Yes, you are right.
http://www.onjava.com/pub/a/onjava/2002/10/30/jakarta.html?page=3

ABCD, EFG, HIJK, LMNOP ..Do you want me continue the sequence

[ September 05, 2003: Message edited by: Pradeep Bhat ]
[ September 05, 2003: Message edited by: Pradeep Bhat ]

Groovy
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Thanks for the link, I appreciate it!
A final comment when storing your JSPs underneath WEB-INF: not all containers support this feature. Earlier versions of WebLogic did not interpret the Servlet specification the same as others, and it was not possible to do this. This is reported to be changed with newer versions of WebLogic. Just be sure to check your specific container.

I've been bitten too many times by non-specific behaviour like this ever use it in production. Not only is it vendor specific, but it is the sort of thing that varies between versions too, and will not be part of the documentation. You won't know if it works in the next product till you try it - not very stable for production code!
I'll still push the web server as the place to put this rule.
Dave
( Do you want me continue the sequence )
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8919

It did not work for me in weblogic 7.0
( Do you want me continue the sequence )

Yes, please do that.
[ September 05, 2003: Message edited by: Pradeep Bhat ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: WEB_INF