Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

mapping JSPs

 
S Reddy
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you please give me references about mapping JSPs in the DD like servlets. Basically, I do want to know at which locations the JSPs can be put, and how they can be mapped in web.xml file.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you'd take some time to take a look at the Servlets Specification, you'd see that the servlet tag has an option to declare a JSP file as a servlet :


I leave you figure out where to put the JSP file, and how to map it. (it maps like any servlet)
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64633
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why would you want to do that? It's a rare thing to need to do.
 
S Reddy
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I just want to secure my JSPs from users of the application. I mean the user shouldn't able to type the path and reach my JSPs directly, they must go through the site. By putting JSPs in the root of the application, I am allowing users to type the path to reach them. Right? I don't want to do that.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64633
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Put them under WEB-INF. Then they cannot be directly accessed. No mapping nonsense necessary.
 
S Reddy
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So.. can I put some JSPs in root directory, and some JSPs under WEB-INF directory? I think then it will be a problem for the server to know where the requested JSP is without mapping?
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, because JSPs underneath WEB-INF aren't directly accessible to begin with. You'd have to use servlets which forward to (or include) those JSPs. So the control flow would be a bit different than what you have now.
[ January 23, 2008: Message edited by: Ulf Dittmer ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
With a servlet entry and a mapping, they are accessible from within WEB-INF.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
With a servlet entry and a mapping, they are accessible from within WEB-INF.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This isn't that un-common in model1 architectures where everything is written in JSP. It allows you to set servlet-init params in the deployment descriptor , restrict direct access to the JSP, and to group components with URL patterns that easily be matched up with filter mappings, etc...

These days, the accepted best practice is to use JSPs only as a view tier which would eliminate any need for the things mentioned above.
 
S Reddy
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I got it...


But, giving WEB-INF in path feels weird... am I doing it correctly?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Srikanth Reddy Lankireddy:

But, giving WEB-INF in path feels weird... am I doing it correctly?


It shouldn't feel weird, you're mapping the path to the file, relative to the root of your application.
 
Abhinav Srivastava
Ranch Hand
Posts: 354
Eclipse IDE Java Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
there could be other ways to prevent users from directly accessing resources like checking for "referer" in the request header (e.g. it would be null if address is manually entered), *.jsp in url-pattern so all requests go thru your front-controller and you dynamically decide which page to return.
[ January 23, 2008: Message edited by: Abhinav Srivastava ]
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
like checking for "referer" in the request header

I read some times ago that the referer was not something you could rely on. You cannot be sure that it will be set.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic