I need somebody to assist me with how to protect my JSP pages after its been deployed to tomcat. Ideally, I need a situation where Tomcat will not unpack my WAR file i.e. everything remain inside the WAR file and runs from there and nobody will be able to open the WAR file while the WAR is running on Tomcat.
We actually want to implement dual control over our applications that are deployed on TOMCAT. We want to protect the JSP from our in-house administrators who could go into the webapps folder and open up jsp pages and start modifyng them. Really, what we want to achieve is for Tomcat not to deploy the WAR files and also protect the WAR file with a password. Any useful information in this regard will be highly appreciated.
If you deploy a war file by dropping it into the webapps directory, it will be unpacked by default. If you keep it elsewhere and deploy it by creating a context fragment file then, as William mentioned, you can set the unpackWar attribute to false. http://tomcat.apache.org/tomcat-5.5-doc/config/context.html
Suggestion: Have you considered pre-compiling your JSPs and removing the source files from the webapp altogether? [ November 13, 2006: Message edited by: Ben Souther ]
Joined: Jul 12, 2005
Thank you Ben Souther for your response - pls educate me or throw more light on what you mean by pre-compiling my JSPs. How do I pre-compile the JSP? Does that mean that I will leave only the .class files that are generated in tomcat work folder and remove all the .jsp files? Bearing in mind that what exactly I want to achieve is to dual-control any change that will be effected on the jsps via a password. Pls assist me further!
First, 'pls' is not a word. See UseRealWords to see why we so strongly discourage the use of non-English words here.
On to your question: There are ANT tasks for precompiling all of your JSPs, and yes, it means that you can ship only your .class files. Besides making it very difficult for someone to tinker with them, you won't have to wait for the JSP to be compiled the first time you hit it.