• Post Reply Bookmark Topic Watch Topic
  • New Topic

JSP help

 
Niks Narayana
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have developed an application in JSP and am using the server bajiesoft!!!
I have to compile a setup that will copy the server as well as the files onto destination machine!!!
My problem is i need to know if there is a way to protect my JSP pages / access my application using only the class files???
I want the user to recieve only the class file for security reasons but i have been unsuccessfull in accessing the compiled class files!!
Any help in this will be appreciated! Servers can be tomcat or bajiesoft!!
basic problem is how to access the class file and open it in Browser???
 
Manoj Gundawar
Ranch Hand
Posts: 169
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any files below WEB-INF directory is by default protected and not served to the clients. (files can't be seen by client)
And what do you mean by " how to access the class file and open it in Browser??? "

If you want to run the class file and show the output, you can look into servlet API. If you want to show the class file "as it is", its not possible. And why would you do that?

[ September 29, 2004: Message edited by: Jmannu gundawar ]
[ September 29, 2004: Message edited by: Jmannu gundawar ]
 
Niks Narayana
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
manoj what i meant was imy application is in JSP and i dont want the client to see the jsp files!
The application will be running on a stand alone machine!
SO what I need to know is whether I can run my application by just sending the class files and not the JSP files!
reply soon!

[Bear edit: calmed down the rampant exclamation points]
[ October 04, 2004: Message edited by: Bear Bibeault ]
 
Manoj Gundawar
Ranch Hand
Posts: 169
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Niks,
Sorry I am unable to understand your requirement.
But just one thing I want to add is, client can not see JSP page's source when server executes JSPs. Client only sees the HTML output sent by executed JSP (servlet) on server. So your JSPs are never exposed.
[ October 04, 2004: Message edited by: Jmannu gundawar ]
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65516
105
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Client only sees the HTML output sent by executed JSP (servlet) on server. So your JSPs are never exposed.


But that does not mean that they are not easily accessible. If you do not want the source code of your JSP files exposed, you must place them within a folder hierarchy under WEB-INF and use servlet controllers to access them.
 
Rajan Chinna
Ranch Hand
Posts: 320
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there anyway to access jsp files under WEB-INF from the browser directly without using servlets...?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65516
105
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No. That's the whole purpose of putting them there. The servlet container is forbidden from serving anything under WEB-INF directly.
 
Manoj Gundawar
Ranch Hand
Posts: 169
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there anyway to access jsp files under WEB-INF from the browser directly without using servlets...?


You can directly access JSP under web-inf the same way servlets are accessed,by adding <servlet> tag in web.xml (deployment descriptor)
<servlet>
<servlet-name> abcServlet </servlet-name>
<jsp-file> /xyz.jsp</jsp-file>
</servlet>
You can also give the initialization param same as servlets.

[ October 05, 2004: Message edited by: Jmannu gundawar ]
[ October 05, 2004: Message edited by: Jmannu gundawar ]
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65516
105
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can directly access JSP under web-inf the same way servlets are accessed,by adding <servlet> tag


I would call that indirectly.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65516
105
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But to address the original question, it is also possible to pre-compile the JSPs (for example, the jspc Ant task for Tomcat) into their servlet classes and deploy just those.

Since that would be servlet container specific, you'll need to find out how the servlet container you are using accomodates such functionality.
[ October 05, 2004: Message edited by: Bear Bibeault ]
 
Jeroen Wenting
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
place the following in the web.xml for your web application, which will block all calls to content contained in a directory /jsp under your web application.
You'll thus need a controller servlet and forward requests to it as no other access is allowed (any attempt to read anything in /jsp will result in a 500 error (not authorised)).
 
Niks Narayana
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
on a stand alone machine the webapps will contain the jsp files.
is there any way to avoid this?
meaning send only the work folder!!!
I hope this makes my problem clear!!
 
Jeroen Wenting
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
you can deploy only precompiled JSPs. Check your application server documentation on how to do that.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!