aspose file tools*
The moose likes Servlets and the fly likes Accessing files under WEB-INF Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Accessing files under WEB-INF" Watch "Accessing files under WEB-INF" New topic
Author

Accessing files under WEB-INF

Gaurav Kushwaha
Greenhorn

Joined: May 20, 2009
Posts: 19
Hi,

I have been hearing lot about we cannot access the files under Web-INF folder.
I wanted to know how is it done by the container, to not allow to access files under Web-INF folder ?
sudhir nim
Ranch Hand

Joined: Aug 29, 2007
Posts: 212

WEB-INF directory is a private area of the web application, any files under WEB-INF directory cannot be accessed directly from browser by specifying the URL like http://somesite/WEB-INF/someresource.html. Web container will not serve the content of this directory. However the content of the WEB-INF directory is accessible by the classes (eg servlets) within the application.

How web container does this is upto web container, and that shouldn't matter..


[Servlet tutorial] [Servlet 3.0 Cook Book]
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16065
    
  21

This is perhaps the best way to observe the difference between a URL and a resource (file) path. Although syntactically, they're confusingly similar, URLs cannot "see" WEB-INF or anything under it. However application code can see the WEB-INF directory just fine using the resource access methods of J2EE.


Customer surveys are for companies who didn't pay proper attention to begin with.
Atul Darne
Ranch Hand

Joined: Jul 05, 2009
Posts: 118

hello gaurav,

Try this

http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html

Go through the security Guide for the Tomcat Server. you will find the Security Things. How the webcontainer does it.


Regards, Atul.
I came to this world on a Learner's License
sudhir nim
Ranch Hand

Joined: Aug 29, 2007
Posts: 212

Atul Darne wrote:hello gaurav,

Try this

http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html

Go through the security Guide for the Tomcat Server. you will find the Security Things. How the webcontainer does it.


I don't think security manager has anything to do with not allowing files under /WEB-INF/
indmango siri
Greenhorn

Joined: Jun 30, 2011
Posts: 4
you can try this like,
if you are accessing the file in action class

String filename = "/WEB-INF/somefile.xml" ;
ServletContext context = this.getServlet().getServletContext();
String pathname =context.getRealPath(filename);


This one works for me,
But if i want to access the files from /web-inf/
thru a static method of a normal java class [not a servlet]

how do i do it.
If anybody has a solution,please let me know.

Thanks
indmango
Abhay Agarwal
Ranch Hand

Joined: Feb 29, 2008
Posts: 1105
    
    1

@indmango -- > you can use normal Java File API to access File. Creat a File object with the path to a file inside WEB-INF.

~ abhay


Oracle Java Web Service Developer (1z0-897), Oracle certified Java 7 Programmer, SCJA 1.0, SCJP 5.0, SCWCD 5.0, Oracle SQL Fundamentals I
indmango siri
Greenhorn

Joined: Jun 30, 2011
Posts: 4
Abhay Agarwal wrote:@indmango -- > you can use normal Java File API to access File. Creat a File object with the path to a file inside WEB-INF.

~ abhay


I tried like this
java.net.URL url = MyClass.class.getClassLoader().getResource(filename);

and it's returning null

and also like this

InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(filename);

and this is also returning null.

Note : I am trying all this in a normal java program from a static method

when i create the file object.. it's like looking from c:/web-inf/somefile.txt
which is not the corrrect path.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16065
    
  21

Abhay Agarwal wrote:@indmango -- > you can use normal Java File API to access File. Creat a File object with the path to a file inside WEB-INF.

~ abhay


You can, but you shouldn't. It's a violation of the J2EE spec, which says that a J2EE webapp is a single (WAR) file, and therefore filesystem access to components within the WAR is not guaranteed.

Yes, it works in many appservers - but not all of them. And even for the ones where it does work, it may not always work. For example, in Tomcat, you can turn off the "exploded WAR" option and that will break any code that thinks that everything's in its own file.

The only safe way to obtain "files" (resources) within a WAR is to use the ServletContext getResource/getResourceAsString methods, which cannot be accessed statically, because you can deploy the same WAR more than once in a server and each deployment would have its own ServletContext.

You can access objects using the standard Java classloader mechanism, but that won't give access to any paths of the WAR that aren't in the WAR's classpath (WEB-INF/classes and the WEB-INF/lib jars).

You should never assume you know what the current working directory is in a WAR unless you have just set it yourself. And don't expect it to stay set after the current request has completed.
indmango siri
Greenhorn

Joined: Jun 30, 2011
Posts: 4
Abhay Agarwal wrote:@indmango -- > you can use normal Java File API to access File. Creat a File object with the path to a file inside WEB-INF.

~ abhay



Could you please explain with some example.. i want to give it a try

Creat a File object with the path to a file inside WEB-INF.



Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61222
    
  66

indmango siri wrote:
Could you please explain with some example.. i want to give it a try
Creat a File object with the path to a file inside WEB-INF.


NO. Do not! I will back up Tim on this. If you are not going to listen to the advice of the senior members who have learned the hard way what to do and, more importantly, what not to do, why are you asking for their advice?


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Accessing files under WEB-INF