This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
There are many who advocate putting all JSPs in the WEB-INF directory. However, I prefer the method described in this article under the heading Safeguard your JSP pages.
The main reason I don't like putting things in the WEB-INF directory is that it messes up the relationship between the JSPs and the static files such as css and image files. These cannot be put in WEB-INF because you do want direct access to these files, so you end up with two different directory trees: one for the JSPs and one for the static files.
Many web devlopment tools don't work well with this arrangement. To me it just seems to make the organization of the files more intuitive to keep the JSPs in the web context root and use security to restrict direct access to them. [ October 06, 2007: Message edited by: Merrill Higginson ]
I followed the process which defined in the "Safeguard your JSP pages" article but I am still able to access the jsps directly. Please make note that I put all my jsps in folder called JSPs. Is any other way to achieve this I don't want put my jsps in Web-Inf folder. Please help me..
Thank You So Much... Smd Muneer
Joined: Feb 15, 2005
What they don't explain in the article is that the stanzas in a web.xml file must be in a certain order, and if they aren't, they may not work as expected. Try moving your security-constraint stanza toward the end of your web.xml file just before the </web-app> tag and test again.
If you're still unable to figure it out, post your web.xml file, and we'll help you debug it.
Joined: Oct 05, 2007
Hi, this is my web.xml please debug it
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app id="WebApp"> <display-name>DESMexicoWeb</display-name>
I cut and pasted your security-contstraint stanza into my web application and deployed it to JBoss 2.0. When I tried to access any file with a .jsp extension, I got HTTP Error 403, which is what should happen.
I'm not sure why it's not working for you. Are there any more details that you can give us?