Also what do you mean by accessible? Please be more complete in your posts.
I assume you mean that when you create a URL containing WEB-INF, that it serves the resources within it? If so, then the WEB-INF isn't really part of the web application. If it were, the container would not allow such access.
Verify that your web application structure and the context defining it are set up correctly.
Are you running your servlet/jsp container behind an apache web server? If so, the apache web server might be allowing access to files inside of WEB-INF that normally shouldn't be accessed. If this is the case, you can prevent this from happening by modifying the access permissions in httpd.conf or .htaccess.
Joined: Oct 13, 2007
Thanks for your post.
What I meant is I accidentally found that I can see the content of my web.xml application and also the .class files inside the WEB-INF if I type: "http://myapps/WEB-INF/web.xml" or if I type "http://myapps/WEB-INF/beans/myJavaProgram.class"
I'm not too familiar with Apache itself, it's a legacy system and no apache expert in our team yet. Here is the setting. Can you please advise how should I change this?
In one of the JSP pages, I also served some data from "/WEB-INF/data", so I want it to be accessible from my JSP but not from outside.
I know Servlet is better for this. But for now this JSP page must stay.
Joined: Dec 30, 2008
You might want to try making this modification and then restart Apache and see if it helps.
subject: /WEB-INF/classes/ in folder can be accessed from anywhere?