tomcat-dev mailing list archives

From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: tomcat serves .jsp file contained in WEB-INF
Date Thu, 10 May 2001 18:03:00 GMT


On Thu, 10 May 2001, Richard Wan wrote:

> Is the following a bug or a part of the Servlet 2.2 spec?
> 
> http://machine:port/appname/WEB-INF/inside.jsp would get served but
> http://machine:port/appname/WEB-INF/inside.html would not?
> 

Neither one should be served back to a direct client request for these
URLs.  The server is prohibited from returning anything under "WEB-INF" or
"META-INF".

It's legal to access either of these URLs, however, in the following ways:

* Inside a servlet, using something like this:

    InputStream is =
     getServletContext().getResourceAsStream("/WEB-INF/web.xml");

* As the destination of a RequestDispatcher.forward() or include():

    RequestDispatcher rd =
     getServletContext().getRequestDispatcher("/WEB-INF/inside.jsp");
    rd.forward(request, response);

  or

    RequestDispatcher rd =
     getServletContext().getRequestDispatcher("/WEB-INF/inside.html");
    rd.include(request, response);


> ----------------------------------------------------------------------
> Richard F. Wan

Craig McClanahan
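
The rule stated in the reply above, written out as a path check (an added example, not part of the original message and not Tomcat's code). The class and method names are hypothetical. It assumes it is handed the already-decoded, context-relative path of a direct client request; the `getResourceAsStream()` and `RequestDispatcher` routes shown in the message never pass through such a check, which is why they remain legal.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Locale;

public class ProtectedPathCheck {

    /** True if a direct client request for this context-relative path must be refused. */
    static boolean isProtected(String contextRelativePath) {
        Deque<String> segments = new ArrayDeque<>();
        for (String raw : contextRelativePath.replace('\\', '/').split("/")) {
            // Drop path parameters such as ";jsessionid=..." before comparing.
            int semi = raw.indexOf(';');
            String seg = semi >= 0 ? raw.substring(0, semi) : raw;
            if (seg.isEmpty() || seg.equals(".")) {
                continue;
            }
            if (seg.equals("..")) {
                if (segments.isEmpty()) {
                    return true; // climbs above the context root: refuse
                }
                segments.removeLast();
            } else {
                segments.addLast(seg);
            }
        }
        if (segments.isEmpty()) {
            return false;
        }
        // Compare case-insensitively: on a case-insensitive file system
        // "/web-inf/" resolves to the same directory as "/WEB-INF/".
        String top = segments.getFirst().toUpperCase(Locale.ROOT);
        return top.equals("WEB-INF") || top.equals("META-INF");
    }

    public static void main(String[] args) {
        // Constructed sample paths; only the first two appear in the thread.
        String[] samples = {
            "/WEB-INF/inside.jsp", "/WEB-INF/inside.html", "/web-inf/web.xml",
            "/docs/../WEB-INF/web.xml", "/META-INF/MANIFEST.MF",
            "/index.jsp", "/docs/WEB-INF-notes.html"
        };
        for (String p : samples) {
            System.out.println((isProtected(p) ? "refuse" : "serve ") + "  " + p);
        }
    }
}
```

The first five sample paths are refused and the last two are served, so `.jsp` and `.html` under `WEB-INF` are treated identically, as the reply says they should be.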

