tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "DONNIE HALE" <DH...@longaberger.com>
Subject Re: [repost] loading class files
Date Tue, 27 Nov 2001 15:47:23 GMT
As Craig indicated in a message earlier this morning, the "good" of storing JSPs (in particular)
under WEB-INF is if you want to enforce that they are only available via some kind of dispatching
servlet which does a RequestDispatcher.forward or .include. In other words, if the application
architecture is using something like Struts in which the direct execution of some JSPs will
fail because they require other processing to have previously occurred, then you can make
sure they're not accidentally served directly by putting them under WEB-INF.

Putting images under WEB-INF doesn't make much sense, as those are all, for the most part,
implicitly requested by a browser when parsing a page's HTML. So almost all requests for images
are "served directly to a client".

Hope that's clear,

Donnie


>>> dns4@cornell.edu 11/27/01 10:35AM >>>
You're right.  The spec does not say jsps can not be stored under WEB-INF, 
but it does say and I quote the spec:

"No file contained in the WEB-INF directory may be served directly to a 
client by the container" -- Servlet 2.3 spec pg 60

Given that, what good is storing a .jsp (or .gif, jpg, pdf, etc, ...) file in 
WEB-INF if the client can't request it?  

IMHO, files the client directly request should be outside the WEB-INF 
directory.  Individual mileage may vary though.

--David

On Monday 26 November 2001 02:08 pm, you wrote:
> > Note on the other stuff: Classes used on the server
> > side should be in a package structure under
> > WEB-INF/classes to work correctly. JSPs,
> > static content, and client-side applets should
> > all be outside the WEB-INF folder for proper
> > operation. This is defined in the spec and is
> > required for all applications conforming to it.
> > Hope this clears some mystery.
> > --David Smith
>
> I cannot find any place in the spec that says that
> JSPs, etc. cannot be under WEB-INF.  I have seen
> many suggestions that this is a good place to put
> them to prevent direct access.  In what way doesn't
> this provide "proper operation".
>
> Frank Lawlor
> Athens Group, Inc.
> (512) 345-0600 x151
> Athens Group, an employee-owned consulting firm integrating technology
> strategy and software solutions.
>
>
>
>
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>



--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message