aspose file tools*
The moose likes Struts and the fly likes Best way to place JSPs Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Best way to place JSPs" Watch "Best way to place JSPs" New topic
Author

Best way to place JSPs

Thara Visu
Ranch Hand

Joined: May 17, 2005
Posts: 87
Where is the best place to keep JSPs? Under WebContent or WEB-INF.

When we keep JSPs under WEB-INF, where should stylesheets be placed?

Thanks in advance


Thara<br />SCJP 1.4 96%<br />SCBCD 1.3 96%
dnyan ginde
Ranch Hand

Joined: Jan 17, 2006
Posts: 68
If you do not want the users to access your JSP's directly by giving the URL in the browser, then you should keep the JSP's under WEB-INF. You should always keep your stylesheets, javascript, images outside WEB-INF since your browsers wont be able to locate these elements if kept under WEB-INF.
Thara Visu
Ranch Hand

Joined: May 17, 2005
Posts: 87
Thanks Dnyan.
Just a thought, why would not we want people to access the JSPs directly?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41839
    
  63
Because the JSP might not be designed to be accessed directly, e.g. it may only work if the request went through a servelt first, which added some attributes. Without these attributes, the JSP would not work.

Or maybe the JSP is not a full page, but only meant to be included in other JSPs.

What we have done in the past was to keep the JSPs in a public directory, but to check for a particular attribute (which would be set by all servlets), and if that attribute wasn't present, then the JSP would not generate output, but instead redirect to an error page.


Ping & DNS - my free Android networking tools app
dnyan ginde
Ranch Hand

Joined: Jan 17, 2006
Posts: 68
An example where you would not want the users to access the jsp directly is :

Say you have a login page where the user enters his email and password. On submitting the form the user is taken to the next jsp where he can vote for his favourite actor/actress. Your business requirement is such that the user can vote only once. In such a scenario you would typically check whether the user has voted or not when the user enters his email and password on the first screen itself. If he has voted you would not display the voting screen to the user. Now if you keep the voting.jsp outside WEB-INF and the user somehow gets to know the URL to this jsp he could access this jsp and cast his vote as many times as he wants because the check for already voted would be skipped, thus breaking your business requirement.
Brent Sterling
Ranch Hand

Joined: Feb 08, 2006
Posts: 948
My preference for a Struts based application is to have all access to pages go through actions and never allow the user to directly access a JSP. If you do not need to do any processing to display the page, you can use one of the standard Struts actions or create a simple action that just returns mapping.findForward( "success" ).

- Brent
Thara Visu
Ranch Hand

Joined: May 17, 2005
Posts: 87
Thanks all. Those inputs were extremely helpful.
alfred jones
Ranch Hand

Joined: Apr 19, 2005
Posts: 279
very interesting topic.

after reading the comments, i have a question.


suppose, you put your JSP under WEB-INF in a Struts based application...what are the changes i have to do for Struts based application ?

is it just i have to change the forward path to under WEB-INF ?








what are other changes required if i put all my JSP's under WEB-INF directory ?


please respond.

regards
alfred jones
Ranch Hand

Joined: Apr 19, 2005
Posts: 279
is there any answer to my question ?
dnyan ginde
Ranch Hand

Joined: Jan 17, 2006
Posts: 68
Hello Alfred,

Thats the only change you need to do.
Thara Visu
Ranch Hand

Joined: May 17, 2005
Posts: 87
Alfred,
You can also use the "forward pattern" attribute of the controller tag in struts config to /WEB-INF/$M$P so that you dont have to specify WEB-INF/ everytime.
Shashank Jain
Greenhorn

Joined: Apr 23, 2006
Posts: 2
I think the best strategy is to place the JSP's under the web-inf folder.In Struts though we can force all requests to go through the ActionServlet but in case we are not using struts the best way to secure resources is to place them under web-inf.
Another thing we can do is to have a servlet filter which intercepts all requests and checks for the userinfo in session and accordingly provides or deinies access to a resource..
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Best way to place JSPs