As I understand it, servlet mapping is done to hide the directory-level information and to get some level of security. I mean to say we are avoiding the directory structure in the URL, which in turn provides the security.
So... if somebody gets to know the structure, he could access the files illegally, isn't it? But what if he gets the web.xml file itself?
I think I am confusing you guys because I am also....
web.xml is present in WEB-INF folder, and we can access anything from WEB-INF by calling browser.
That is a secret folder. That is why the user never gets web.xml at any cost.
Resources from WEB-INF we can access in the same web application, e.g. properties files.
web.xml is present in WEB-INF folder, and we can not access anything from WEB-INF by calling browser.
Note the correction - I think it's what Shailesh was really trying to say.
I'm going to repeat one of my "favorite" sayings here, since it's important:
A web server is not a file server!
URLs look similar to filename paths. They are not. URLs are Uniform Resource Locators.
URLs are passed to the web server, which decodes them and (usually) passes them on to the web applications, which then also decode them and determine what resource is being requested and how to return it to the client. In many cases, parts of the URL will be used to construct a server-local filename path and copy the contents of a file at that location, but this is just one option.
When a J2EE appserver encounters incoming URLs, one of the things it does is look at a table of URL mappings that was built for the destination webapp. If the incoming URL matches one of those URLs, the appserver then looks at the mapping target data. If the mapping target data corresponds to the symbolic name that was given to a servlet, then the URL is passed to that servlet. That's a little simplified, since even before the URL routing mapping is checked, a security mapping would be checked first, if one existed, but that's the general idea.
J2EE was designed to produce robust, scalable, and maintainable applications. Part of that design involves extra indirections such as the servlet mapping. Although it makes overall design a little more complex, it makes the application as a whole less expensive to maintain and makes it easier to use generic "plug-in" components.
Sorry to be too visually offensive on this post, but I hope it drew attention to the important things.
Customer surveys are for companies who didn't pay proper attention to begin with.
web.xml must be placed in the WEB-INF folder. If the container receives a request for any file under WEB-INF it should return 404 - Not Found. At least if I remember correctly.
If you have partial files, e.g. .jsp headers or footers, they can be placed under e.g. WEB-INF/templates. This way you avoid any user accessing them directly. The same applies to your servlet .class files. Put them under WEB-INF to avoid direct access.
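
A simplified model of the lookup discussed in this thread (the request URL is checked against a mapping table, and nothing under WEB-INF is served directly), added here as an example and not code from any poster or from a real container. The servlet names and mapping table are constructed; the match order (exact, longest path prefix, extension, default) follows the Servlet specification, and the case-insensitive comparison and dot-segment normalisation are assumptions of this model.

```python
import posixpath

# Constructed mapping table, standing in for what a container builds from
# the <servlet-mapping> entries in WEB-INF/web.xml (servlet names are made up).
MAPPINGS = {
    "/login": "LoginServlet",        # exact match
    "/reports/*": "ReportServlet",   # path-prefix match
    "*.jsp": "JspServlet",           # extension match
    "/": "DefaultServlet",           # default servlet (static files)
}
PROTECTED = ("web-inf", "meta-inf")  # never served directly to a client


def resolve(path, mappings=MAPPINGS):
    """Return the servlet name for a context-relative path, or None for 404."""
    # Normalise first, so "." and ".." segments cannot disguise the target
    # of the request before the protected-directory check runs.
    norm = posixpath.normpath("/" + path.lstrip("/"))
    first = norm.split("/")[1].lower() if norm != "/" else ""
    if first in PROTECTED:
        return None                                   # container answers 404
    if norm != "/" and norm in mappings:
        return mappings[norm]                         # 1. exact match
    prefixes = [p for p in mappings if p.endswith("/*")
                and (norm == p[:-2] or norm.startswith(p[:-1]))]
    if prefixes:
        return mappings[max(prefixes, key=len)]       # 2. longest prefix
    ext = posixpath.splitext(norm)[1]
    if ext and "*" + ext in mappings:
        return mappings["*" + ext]                    # 3. extension
    return mappings.get("/")                          # 4. default, else 404


if __name__ == "__main__":
    # Constructed sample requests.
    for url in ("/login", "/reports/q1.jsp", "/index.jsp",
                "/images/logo.png", "/WEB-INF/web.xml",
                "/reports/../web-inf/classes/Foo.class"):
        print(f"{url:40} -> {resolve(url) or '404 Not Found'}")
```

The check applies only to requests arriving from a client; a servlet inside the same web application can still read files under WEB-INF or forward to a template stored there.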