
WEB-INF doubt?

 
Joe Harry
Ranch Hand
Posts: 10128
Guys,

Anything placed under the WEB-INF directory will not be accessible. However, we can try to tweak this by configuring it in the DD. Then what is the advantage of this? I can make my contents accessible through some settings in the DD. Would anyone comment on this?
 
Joe Harry
Ranch Hand
Any help guys for my post above??
 
Ulf Dittmer
Rancher
Posts: 42969
"I can make my contents accessible through some settings in the DD."

Really? How?
 
Anthony Karta
Ranch Hand
Posts: 342
Originally posted by Jothi Shankar Kumar Sankararaj:
Any help guys for my post above??


I'm still learning, but AFAIK anything under WEB-INF should not be exposed to outsiders. "Tweak" sounds like a scary thing.
 
Joe Harry
Ranch Hand
Actually, this is how I tried it.

My web.xml file:

<servlet>
    <servlet-name>Concealedjsp</servlet-name>
    <!-- JSP kept under WEB-INF, registered as a named servlet -->
    <jsp-file>/WEB-INF/concealed.jsp</jsp-file>
</servlet>
<servlet>
    <servlet-name>myServlet</servlet-name>
    <servlet-class>myServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Concealedjsp</servlet-name>
    <!-- public URL that the container routes to the JSP above -->
    <url-pattern>/jjj</url-pattern>
</servlet-mapping>

I have a file called concealed.jsp under the WEB-INF directory, and below is what I do in my index.jsp:

<form action="/WEB-INF/concealed.jsp">
    <input type="Submit" value="Submit">
</form>

When I click the submit button, I'm able to see the contents of the concealed.jsp file. So, would anyone comment on this?
 
Akbar Upadyayula
Greenhorn
Posts: 12
Hi Jyoti,

In the action you have mentioned "/WEB-INF/concealed.jsp". In this scenario WEB-INF is treated as a normal folder, so you can directly use contextname/WEB-INF/concealed.jsp ... There is nothing special in this. It is not even necessary to configure jsp-file in web.xml.
 
Joe Harry
Ranch Hand
That's fine, but I still don't understand how and why I can get the contents in the WEB-INF folder?
 
Akbar Upadyayula
Greenhorn
So please don't put accessible files like *.js, *.html, *.jsp inside the WEB-INF folder.
 
Daniel Dalton
Ranch Hand
Posts: 146
Hi Joti - the benefit of putting stuff under WEB-INF is that it cannot be directly served. That is, you can't go to your browser and get the server to list the contents of WEB-INF.

i.e.

http://myserver/myapp/WEB-INF/foo.jsp

will NOT work. There may be stuff in your JSPs etc. that reveals something of the structure of your app that might be used to help compromise security, for instance.

You can however reference stuff within your html and JSPs as you discovered.

Does that help?

Actually Akbar, I disagree with your statement about putting JSPs under WEB-INF. Personally, I don't want a user to be able to read the text of my JSP files, and I tend to put the majority of them under WEB-INF for just that reason.
[ February 20, 2007: Message edited by: Daniel Dalton ]
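
Added example, not part of any post in this thread: a controller servlet illustrating the distinction discussed above, where the container refuses a browser request for a path under WEB-INF but a server-side forward can still render the JSP, so the servlet decides who gets to see it. The class name, the "user" session attribute and the /concealed mapping are hypothetical, and the javax.servlet package is assumed (newer containers use jakarta.servlet).

```java
// Added example: ConcealedController, the "/concealed" mapping and the "user"
// session attribute are hypothetical; the JSP path is the one from the thread.
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Map this class in web.xml to a public URL such as /concealed (assumed).
public class ConcealedController extends HttpServlet {

    // Not reachable by a direct client request; only by server-side dispatch.
    private static final String VIEW = "/WEB-INF/concealed.jsp";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getSession(false): do not create a session just to test for a login.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            // The JSP is never rendered for callers who fail the check.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Server-side dispatch: the container resolves the path inside the
        // web application, so the restriction on client requests to WEB-INF
        // does not apply and the JSP output is written to this response.
        req.getRequestDispatcher(VIEW).forward(req, resp);
    }
}
```

With this layout the only way to reach the page is through the mapped URL, so every request passes the check in doGet before the JSP runs.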
 
Akbar Upadyayula
Greenhorn
Daniel, you're correct.
 
Joe Harry
Ranch Hand
Daniel, you are just right and thanks for supporting.
 