• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Sources code downloaded in JSF2 application

 
Bhuwan Bhaskar
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HI All,

We have a jsf2 application deployed on WAS 8.0.

When we hit on xhtml pages, source code written on xhtml pages is downloaded.

Same application has some jsp pages, and they are working fine.

We are using IBM JSF2.0 for the development.

(Due to complexity of code , we can not change xhtml page to jsp )

Any suggestons
 
Bhuwan Bhaskar
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
link is giving 404 error. Kindly post the updated link.
Thanks
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18101
51
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You cannot change to JSP anyway. JSP is not supported in JSF2.

Your problem comes from not protecting your resources properly.

Any resource within a web application (WAR/EAR) can be directly accessed via a URL request unless it meets 1 of 2 constraints:

1. The resource is located under the WEB-INF directory. Anything in WEB-INF or its children will not be used to resolve a URL request, per the J2EE standard.

2. The resource is protected by the container security system via a suitable access control rule defined in WEB-INF/web.xml.

In the usual course of events, you would employ constraint #2 to forbid direct access to "*.xhtml" URLs. Since the generally-accepted web.xml config options for JSF formulate JSF URLS in the format of "*.jsf" or "/faces/*", the webapp container (WAS) will ensure that no one can retrieve the raw xhtml sources.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic