Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Primefaces inside web-inf

 
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I have a simple.xhtml page inside WEB-INF folder. I am using PrimeFaces

When I run the application and go to that page, It only shows the text "This is Editor:",
But when I place the same page outside the WEB-INF folder then it show the primeface editor.

Is primefaces tags are not accessible inside WEB-INF folder?
 
Ranch Hand
Posts: 426
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Pages should never be inside WEB-INF I think...you can use a filter to protect those pages instead..
This is just what I think..
 
Saloon Keeper
Posts: 27933
198
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The rule is that anything you need to access by a URL cannot be places in WEB-INF, because WEB-INF and its contents are invisible as URL resources. So you can place Facelets include files under WEB-INF, since they're accessed as resources, but the top-level page resources have to be external to WEB-INF, since you use URLs to select them for JSF processing.

There are several ways to make the raw resources off-limits. If you are using standard J2EE container security, just write a security rule in WEB-INF/web.xml to block access to "*.xhtml". That will give a 403 FORBIDDEN. If you prefer a 404 NOT FOUND, you can write a small servlet, map it to "*.xhtml" and have it return a 404 response code for anything sent to it.

A servlet filter can also do the job. The main disadvantage to the filter approach is that if you make a mistake, it can have an impact on other URL requests as well as URLs ending in ".xhtml".
 
She's brilliant. She can see what can be and is not limited to what is. And she knows this tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/t/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic