File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes mapping JSPs Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "mapping JSPs" Watch "mapping JSPs" New topic
Author

mapping JSPs

S Reddy
Ranch Hand

Joined: May 17, 2007
Posts: 45
Can you please give me references about mapping JSPs in the DD like servlets. Basically, I do want to know at which locations the JSPs can be put, and how they can be mapped in web.xml file.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

If you'd take some time to take a look at the Servlets Specification, you'd see that the servlet tag has an option to declare a JSP file as a servlet :


I leave you figure out where to put the JSP file, and how to map it. (it maps like any servlet)


[My Blog]
All roads lead to JavaRanch
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60055
    
  65

Why would you want to do that? It's a rare thing to need to do.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
S Reddy
Ranch Hand

Joined: May 17, 2007
Posts: 45
I just want to secure my JSPs from users of the application. I mean the user shouldn't able to type the path and reach my JSPs directly, they must go through the site. By putting JSPs in the root of the application, I am allowing users to type the path to reach them. Right? I don't want to do that.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60055
    
  65

Put them under WEB-INF. Then they cannot be directly accessed. No mapping nonsense necessary.
S Reddy
Ranch Hand

Joined: May 17, 2007
Posts: 45
So.. can I put some JSPs in root directory, and some JSPs under WEB-INF directory? I think then it will be a problem for the server to know where the requested JSP is without mapping?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39548
    
  27
No, because JSPs underneath WEB-INF aren't directly accessible to begin with. You'd have to use servlets which forward to (or include) those JSPs. So the control flow would be a bit different than what you have now.
[ January 23, 2008: Message edited by: Ulf Dittmer ]

Ping & DNS - updated with new look and Ping home screen widget
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

With a servlet entry and a mapping, they are accessible from within WEB-INF.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

With a servlet entry and a mapping, they are accessible from within WEB-INF.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

This isn't that un-common in model1 architectures where everything is written in JSP. It allows you to set servlet-init params in the deployment descriptor , restrict direct access to the JSP, and to group components with URL patterns that easily be matched up with filter mappings, etc...

These days, the accepted best practice is to use JSPs only as a view tier which would eliminate any need for the things mentioned above.
S Reddy
Ranch Hand

Joined: May 17, 2007
Posts: 45
I got it...


But, giving WEB-INF in path feels weird... am I doing it correctly?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by Srikanth Reddy Lankireddy:

But, giving WEB-INF in path feels weird... am I doing it correctly?


It shouldn't feel weird, you're mapping the path to the file, relative to the root of your application.
Abhinav Srivastava
Ranch Hand

Joined: Nov 19, 2002
Posts: 349

there could be other ways to prevent users from directly accessing resources like checking for "referer" in the request header (e.g. it would be null if address is manually entered), *.jsp in url-pattern so all requests go thru your front-controller and you dynamically decide which page to return.
[ January 23, 2008: Message edited by: Abhinav Srivastava ]
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

like checking for "referer" in the request header

I read some times ago that the referer was not something you could rely on. You cannot be sure that it will be set.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: mapping JSPs
 
Similar Threads
Hiding jsp pages behind WEB-INF
Return from Action to a non-jsp Page
Can i use java class in action attribute in form tag of jsp page?
Problems getting servlets to work on Tomcat 4
Sometimes users see other's secure data over ssl on jsp struts and glassfish