Sources code downloaded in JSF2 application

Bhuwan Bhaskar
Greenhorn

Joined: Mar 07, 2013
Posts: 2
Hi All,

We have a jsf2 application deployed on WAS 8.0.

When we hit on xhtml pages, source code written on xhtml pages is downloaded.

Same application has some jsp pages, and they are working fine.

We are using IBM JSF2.0 for the development.

(Due to complexity of code, we cannot change xhtml page to jsp.)

Any suggestions?
Bhuwan Bhaskar
Greenhorn

Joined: Mar 07, 2013
Posts: 2
The link is giving a 404 error. Kindly post the updated link.
Thanks
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15960

You cannot change to JSP anyway. JSP is not supported in JSF2.

Your problem comes from not protecting your resources properly.

Any resource within a web application (WAR/EAR) can be directly accessed via a URL request unless it meets 1 of 2 constraints:

1. The resource is located under the WEB-INF directory. Anything in WEB-INF or its children will not be used to resolve a URL request, per the J2EE standard.

2. The resource is protected by the container security system via a suitable access control rule defined in WEB-INF/web.xml.

In the usual course of events, you would employ constraint #2 to forbid direct access to "*.xhtml" URLs. Since the generally-accepted web.xml config options for JSF formulate JSF URLs in the format of "*.jsf" or "/faces/*", the webapp container (WAS) will ensure that no one can retrieve the raw xhtml sources.


Customer surveys are for companies who didn't pay proper attention to begin with.
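
A WEB-INF/web.xml sketch of constraint #2 from the answer above, as an added example that is not part of the original post or the poster's application. The servlet name, display names and the choice of the "*.jsf" mapping are assumptions; the empty auth-constraint is what makes the container refuse direct "*.xhtml" requests.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Servlet name and display/resource names are assumptions. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <!-- Views are requested as /page.jsf; JSF resolves that to the
       Facelets file /page.xhtml internally. -->
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
  </servlet-mapping>

  <!-- Weak setting: without the block below, a request for /page.xhtml
       matches no Faces Servlet mapping, so the container serves the file
       as a static resource and the browser receives the page source. -->

  <!-- Corrected setting: deny every direct request for *.xhtml. -->
  <security-constraint>
    <display-name>Deny direct access to Facelets sources</display-name>
    <web-resource-collection>
      <web-resource-name>Raw XHTML</web-resource-name>
      <url-pattern>*.xhtml</url-pattern>
      <!-- No http-method elements, so the rule covers all HTTP methods. -->
    </web-resource-collection>
    <!-- Empty auth-constraint: no role is permitted, authenticated or not. -->
    <auth-constraint/>
  </security-constraint>

</web-app>
```

The constraint applies only to incoming request URLs, so the Faces Servlet can still load the .xhtml files when rendering a "*.jsf" request.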
 