File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Servlet dispatching. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Servlet dispatching." Watch "Servlet dispatching." New topic

Servlet dispatching.

Cristian Cardenas
Ranch Hand

Joined: Jan 29, 2002
Posts: 50
I'm trying to use an servlet that dispatch the request to a JSP page located in the WEB-INF directory of my web app. I'm having an error because it seems to be a forbidden access. But in the book I'm reading, appear that this kind of access is valid.
The code is like:
RequestDispatcher rd=getServletContext().getRequestDispatcher("/WEB-INF/ayuda.jsp");
Do you know what is the problem?
Thanks in advance.
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

I've seen this suggested before, where you can put your JSPs in the WEB-INF directory to protect them from direct access. ie you can only .forward or .include them.
I haven't actually read it but apparently the Servlet spec defines access to resources in the WEB-INF directory. I believe that the problem in the way it is defined is that it states that stuff under WEB-INF shouldn't be directly accessable, but it does not state that they should be indirectly accessable.
What this means is that there is no guarantee that any app server will allow you to do this.
The only server I actually tried this on was Tomcat 4, and after chasing it down in the source code, it appears that Tomcat will not allow any access to files in the WEB-INF directory. It explicitly denies access to anything matching */WEB-INF/*
I agree. Here's the link:
subject: Servlet dispatching.
It's not a secret anymore!