/WEB-INF/classes/ in folder can be accessed from anywhere?

 
Ranch Hand
Posts: 224
Hi,

In my JSP application, I have a /WEB-INF/ folder; inside WEB-INF, there is a /class/ folder with Java classes.

I notice if I try to access the Java files via web browser, it is accessible.

Why is this? Isn't it supposed to be secured from outside?

Thanks in advance for all your help.
 
Sheriff
Posts: 67746
class or classes? It can't be both.

Also what do you mean by accessible? Please be more complete in your posts.

I assume you mean that when you create a URL containing WEB-INF, that it serves the resources within it? If so, then the WEB-INF isn't really part of the web application. If it were, the container would not allow such access.

Verify that your web application structure and the context defining it are set up correctly.
 
Greenhorn
Posts: 15
Hi Susan,

Are you running your servlet/JSP container behind an Apache web server? If so, the Apache web server might be allowing access to files inside of WEB-INF that normally shouldn't be accessed. If this is the case, you can prevent this from happening by modifying the access permissions in httpd.conf or .htaccess.

Edwin
 
Susan Smith
Ranch Hand
Posts: 224
Edwin,

Thanks for your post.

What I meant is I accidentally found that I can see the content of my web.xml application and also the .class files inside the WEB-INF if I type: "http://myapps/WEB-INF/web.xml" or if I type "http://myapps/WEB-INF/beans/myJavaProgram.class"

I'm not too familiar with Apache itself; it's a legacy system and there is no Apache expert on our team yet. Here is the setting. Can you please advise how I should change this?


Note:
In one of the JSP pages, I also served some data from "/WEB-INF/data", so I want it to be accessible from my JSP but not from outside.
Example:

I know Servlet is better for this. But for now this JSP page must stay.
 
Edwin Stephens
Greenhorn
Posts: 15
Hi Susan,

You might want to try making this modification and then restart Apache and see if it helps.



Good luck,
Edwin
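
An added example, not part of the original thread and not the modification Edwin posted: one way to stop an Apache front end from serving WEB-INF as static files, as suggested above for httpd.conf. It assumes Apache httpd 2.4 syntax and that Apache serves files straight from the web application directory.

```apache
# Added example (not from the thread). Assumes Apache httpd 2.4 in front of
# the servlet container, serving static files from the webapp directory.

# Refuse by URL path. (?i) makes the match case-insensitive, so a request
# for /web-inf/ is also refused on case-insensitive filesystems.
<LocationMatch "(?i)/(WEB-INF|META-INF)(/|$)">
    Require all denied
</LocationMatch>

# Refuse by filesystem path as well, so an Alias or a second URL mapping
# that reaches the same directory is covered too.
<DirectoryMatch "(?i)/(WEB-INF|META-INF)(/|$)">
    Require all denied
</DirectoryMatch>

# Apache 2.2 and earlier use the older access-control directives inside
# the same two sections instead of "Require all denied":
#   Order allow,deny
#   Deny from all
```

These rules only affect requests that arrive through Apache; a JSP that reads /WEB-INF/data through the container (an include, a forward, or getResourceAsStream) is resolved inside the container and keeps working. After restarting Apache, a request for http://myapps/WEB-INF/web.xml should return 403 instead of the file.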
 