Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
  • Al Hobbs
  • salvin francis

Servlet dispatching.

Ranch Hand
Posts: 50
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm trying to use an servlet that dispatch the request to a JSP page located in the WEB-INF directory of my web app. I'm having an error because it seems to be a forbidden access. But in the book I'm reading, appear that this kind of access is valid.
The code is like:
RequestDispatcher rd=getServletContext().getRequestDispatcher("/WEB-INF/ayuda.jsp");
Do you know what is the problem?
Thanks in advance.
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I've seen this suggested before, where you can put your JSPs in the WEB-INF directory to protect them from direct access. ie you can only .forward or .include them.
I haven't actually read it but apparently the Servlet spec defines access to resources in the WEB-INF directory. I believe that the problem in the way it is defined is that it states that stuff under WEB-INF shouldn't be directly accessable, but it does not state that they should be indirectly accessable.
What this means is that there is no guarantee that any app server will allow you to do this.
The only server I actually tried this on was Tomcat 4, and after chasing it down in the source code, it appears that Tomcat will not allow any access to files in the WEB-INF directory. It explicitly denies access to anything matching */WEB-INF/*
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
    Bookmark Topic Watch Topic
  • New Topic