struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: Sending a Redirect Directly from an Action Class
Date Wed, 02 Jul 2003 01:07:53 GMT
Sorry to horn in on a conversation that is "closed", but I do not to
correct a mis-statement in the thread below.

On Sun, 29 Jun 2003, Jing Zhou wrote:

> From: "Steve Raeburn" <>
> > Actually the easiest way is to place JSPs under WEB-INF but that was not
> > what we were talking about.
> That is an old practice and it may not be supported by all vendors in all
> versions of their server software.

This turns out not to be the real issue.

Every container I'm familiar with correctly disallows direct access to a
JSP page (from a client request) stored under /WEB-INF.  If they did not,
they would be explictly breaking requirements in the Servlet
Specification, Section 9.5:

    No file in the WEB-INF directory may be served directly
    to a client by the container.

The problem for applications based on Struts (and anyone else who used
RequestDispatcher.forward()) is that not all containers allowed you to do
a RequestDispatcher.forward() to a JSP page stored in WEB-INF.  The
arguments against allowing this were tenuous in previous versions of the
servlet spec, but as of version 2.4 (currently in Proposed Final Draft) it
is being made very clear by the following addition to Section 9.5:

    However, the contents of the WEB-INF directory are visible
    to servlet code using the getResource and getResourceAsStream
    method calls on the servlet context, and may be exposed using
    the RequestDispatcher calls.

So, any Servlet 2.4 or later container that disallows such usage are going
to be in clear violation of the spec.  Smart servlet container vendors
will understand that this was always the intent (even though it wasn't
explicitly spelled out < 2.4), and will fix their current container
implementations as well.

Craig McClanahan

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message