tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 29558] - JK2 blocks access to WEB-INF
Date Mon, 14 Jun 2004 15:53:27 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=29558>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=29558

JK2 blocks access to WEB-INF

jfarcand@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From jfarcand@apache.org  2004-06-14 15:53 -------
This is not a bug. This is required by the servlet spec, section 9.5:

A special directory exists within the application hierarchy named "WEB-INF".
This directory contains all things related to the application that aren't in the
document root of the application. The WEB-INF node is not part of the public
document tree of the application. No file contained in the WEB-INF directory may
be served directly to a client by the container. However, the contents of the WEB-
INF directory are visible to servlet code using the getResource and getResource-
AsStream method calls on the ServletContext, and may be exposed using the
RequestDispatcher calls. Hence, if the Application Developer needs access, from
servlet code, to application specific configuration information that he does not
wish to be exposed directly to the Web client, he may place it under this directory.
Since requests are matched to resource mappings in a case-sensitive manner,
client requests for `/WEB-INF/foo', `/WEb-iNf/foo', for example, should not result
in contents of the Web application located under /WEB-INF being returned, .....


Thanks

-- Jeanfrancois

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message