Re: Click cannot locate JSP pages placed inside /WEB-INF?

[gilbertoca <gi...@gmail.com>]

sabart wrote:
> 
> Is Click able to locate JSP pages placed inside WEB-INF directory?
> 
> Best practices recommend placing JSP pages inside the WEB-INF directory in
> order to prevent direct access to the JSP page and bypassing of the
> controller class. As files inside that directory are hidden from user
> requests, requests are forced to go through the controller classes.
> 
> I made a quick attempt with Click 2.3 and apparently didn't manage to
> locate a JSP page placed inside WEB-INF. 
> 
> It did recognize the JSP page when placed under the web root directory
> outside WEB-INF; but then nothing prevents users from directly accessing
> the unpopulated JSP page.
> 
> I think I managed to overcome the problem by registering a servlet filter
> that blocks any *.jsp request but allows forwards:
> 
>   <filter>
>     <display-name>JspBlockingFilter</display-name>
>     <filter-name>JspBlockingFilter</filter-name>
>     <filter-class>mypackage.web.JspBlockingFilter</filter-class>
>   </filter>
>   <filter-mapping>
>     <filter-name>JspBlockingFilter</filter-name>
>    <url-pattern>*.jsp</url-pattern>
>     <dispatcher>REQUEST</dispatcher>
>   </filter-mapping>
> 
> But this should be handled by the framework.
> 
> Can you, please, clarify on this issue?
> 
> Regards,
> 
> Agusti
> 

Hi, Agusti! Since you are not subscribed to user@click.apache.org list no
one will see you question. So, please subscribe[1] to it!

Now back to you question...
I've not tested this feature yet. Maybe someone in the list can answer it
for you!

Regards,

Gilberto

[1] http://click.apache.org/docs/click-online.html#mailing-lists


--
View this message in context: http://click.1134972.n2.nabble.com/Click-cannot-locate-JSP-pages-placed-inside-WEB-INF-tp6517088p6549822.html
Sent from the click-user mailing list archive at Nabble.com.