• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Protecting JSP Pages after Deployment to Tomcat

 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I need somebody to assist me with how to protect my JSP pages after its been deployed to tomcat. Ideally, I need a situation where Tomcat will not unpack my WAR file i.e. everything remain inside the WAR file and runs from there and nobody will be able to open the WAR file while the WAR is running on Tomcat.

Thanks in advance.
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As I recall, there is a unpackWARs attribute used in server.xml to configure this and the default setting is true.
This documentation for Tomcat 5 describes the use in the Host element.
Bill
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What do you mean protect them?
Protect them from whom?
 
Sunday Oyeniyi
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We actually want to implement dual control over our applications that are deployed on TOMCAT. We want to protect the JSP from our in-house administrators who could go into the webapps folder and open up jsp pages and start modifyng them. Really, what we want to achieve is for Tomcat not to deploy the WAR files and also protect the WAR file with a password. Any useful information in this regard will be highly appreciated.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you deploy a war file by dropping it into the webapps directory, it will be unpacked by default. If you keep it elsewhere and deploy it by creating a context fragment file then, as William mentioned, you can set the unpackWar attribute to false.
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html

Suggestion:
Have you considered pre-compiling your JSPs and removing the source files from the webapp altogether?
[ November 13, 2006: Message edited by: Ben Souther ]
 
Sunday Oyeniyi
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you Ben Souther for your response - pls educate me or throw more light on what you mean by pre-compiling my JSPs. How do I pre-compile the JSP? Does that mean that I will leave only the .class files that are generated in tomcat work folder and remove all the .jsp files? Bearing in mind that what exactly I want to achieve is to dual-control any change that will be effected on the jsps via a password. Pls assist me further!
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
First, 'pls' is not a word.
See UseRealWords to see why we so strongly discourage the use of non-English words here.

On to your question: There are ANT tasks for precompiling all of your JSPs, and yes, it means that you can ship only your .class files.
Besides making it very difficult for someone to tinker with them, you won't have to wait for the JSP to be compiled the first time you hit it.

I haven't done this myself so I won't be able to walk you through it but a Google search or two should get you started.
http://www.google.com/search?hl=en&q=ANT+Precompile+JSP&btnG=Google+Search
 
It's a beautiful day in this neighborhood - Fred Rogers. Tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic