tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Wan" <richard...@servidium.com>
Subject Re: tomcat serves .jsp file contained in WEB-INF
Date Thu, 10 May 2001 21:19:49 GMT
From: "Craig R. McClanahan" <craigmcc@apache.org>
> > http://machine:port/appname/WEB-INF/inside.jsp would get served but
> > http://machine:port/appname/WEB-INF/inside.html would not?
> Neither one should be served back to a direct client request for these
> URLs.  The server is prohibited from returning anything under "WEB-INF" or
> "META-INF".


I've attached a small (4k) .war file which under tomcat 3.2 appears to
violate this rule.
Namely, direct browser requests to WEB-INF/inside.jsp are served.
Is this a known bug? Have I found a bug? or am I just crazy?

> It's legal to access either of these URLs, however, in the following ways:
> * As the destination of a RequestDispatcher.forward() or include():
>
>     RequestDispatcher rd =
>      getServletContext().getRequestDispatcher("/WEB-INF/inside.jsp");
>     rd.forward(request, response);


Excellent, this is precisely what I was hoping.

----------------------------------------------------------------------
Richard F. Wan
email: richardwan@servidium.com
Phone: 403 263 3287
Fax:  403 265 5690
Servidium Inc. Suite 800, 840 7th Ave SW
Calgary, Alberta, Canada T2P 3G2

Mime
View raw message