Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Accessing files under WEB-INF

 
Gaurav Kushwaha
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I have been hearing lot about we cannot access the files under Web-INF folder.
I wanted to know how is it done by the container, to not allow to access files under Web-INF folder ?
 
sudhir nim
Ranch Hand
Posts: 212
Eclipse IDE Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
WEB-INF directory is a private area of the web application, any files under WEB-INF directory cannot be accessed directly from browser by specifying the URL like http://somesite/WEB-INF/someresource.html. Web container will not serve the content of this directory. However the content of the WEB-INF directory is accessible by the classes (eg servlets) within the application.

How web container does this is upto web container, and that shouldn't matter..
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18154
52
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is perhaps the best way to observe the difference between a URL and a resource (file) path. Although syntactically, they're confusingly similar, URLs cannot "see" WEB-INF or anything under it. However application code can see the WEB-INF directory just fine using the resource access methods of J2EE.
 
Atul Darne
Ranch Hand
Posts: 118
Java Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello gaurav,

Try this

http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html

Go through the security Guide for the Tomcat Server. you will find the Security Things. How the webcontainer does it.
 
sudhir nim
Ranch Hand
Posts: 212
Eclipse IDE Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Atul Darne wrote:hello gaurav,

Try this

http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html

Go through the security Guide for the Tomcat Server. you will find the Security Things. How the webcontainer does it.


I don't think security manager has anything to do with not allowing files under /WEB-INF/
 
indmango siri
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
you can try this like,
if you are accessing the file in action class

String filename = "/WEB-INF/somefile.xml" ;
ServletContext context = this.getServlet().getServletContext();
String pathname =context.getRealPath(filename);


This one works for me,
But if i want to access the files from /web-inf/
thru a static method of a normal java class [not a servlet]

how do i do it.
If anybody has a solution,please let me know.

Thanks
indmango
 
Abhay Agarwal
Ranch Hand
Posts: 1376
Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@indmango -- > you can use normal Java File API to access File. Creat a File object with the path to a file inside WEB-INF.

~ abhay
 
indmango siri
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Abhay Agarwal wrote:@indmango -- > you can use normal Java File API to access File. Creat a File object with the path to a file inside WEB-INF.

~ abhay


I tried like this
java.net.URL url = MyClass.class.getClassLoader().getResource(filename);

and it's returning null

and also like this

InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(filename);

and this is also returning null.

Note : I am trying all this in a normal java program from a static method

when i create the file object.. it's like looking from c:/web-inf/somefile.txt
which is not the corrrect path.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18154
52
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Abhay Agarwal wrote:@indmango -- > you can use normal Java File API to access File. Creat a File object with the path to a file inside WEB-INF.

~ abhay


You can, but you shouldn't. It's a violation of the J2EE spec, which says that a J2EE webapp is a single (WAR) file, and therefore filesystem access to components within the WAR is not guaranteed.

Yes, it works in many appservers - but not all of them. And even for the ones where it does work, it may not always work. For example, in Tomcat, you can turn off the "exploded WAR" option and that will break any code that thinks that everything's in its own file.

The only safe way to obtain "files" (resources) within a WAR is to use the ServletContext getResource/getResourceAsString methods, which cannot be accessed statically, because you can deploy the same WAR more than once in a server and each deployment would have its own ServletContext.

You can access objects using the standard Java classloader mechanism, but that won't give access to any paths of the WAR that aren't in the WAR's classpath (WEB-INF/classes and the WEB-INF/lib jars).

You should never assume you know what the current working directory is in a WAR unless you have just set it yourself. And don't expect it to stay set after the current request has completed.
 
indmango siri
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Abhay Agarwal wrote:@indmango -- > you can use normal Java File API to access File. Creat a File object with the path to a file inside WEB-INF.

~ abhay



Could you please explain with some example.. i want to give it a try

Creat a File object with the path to a file inside WEB-INF.



 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64833
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
indmango siri wrote:
Could you please explain with some example.. i want to give it a try
Creat a File object with the path to a file inside WEB-INF.


NO. Do not! I will back up Tim on this. If you are not going to listen to the advice of the senior members who have learned the hard way what to do and, more importantly, what not to do, why are you asking for their advice?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic