You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@click.apache.org by gilbertoca <gi...@gmail.com> on 2011/07/05 15:49:53 UTC
Re: Click cannot locate JSP pages placed inside /WEB-INF?
sabart wrote:
>
> Is Click able to locate JSP pages placed inside WEB-INF directory?
>
> Best practices recommend placing JSP pages inside the WEB-INF directory in
> order to prevent direct access to the JSP page and bypassing of the
> controller class. As files inside that directory are hidden from user
> requests, requests are forced to go through the controller classes.
>
> I made a quick attempt with Click 2.3 and apparently didn't manage to
> locate a JSP page placed inside WEB-INF.
>
> It did recognize the JSP page when placed under the web root directory
> outside WEB-INF; but then nothing prevents users from directly accessing
> the unpopulated JSP page.
>
> I think I managed to overcome the problem by registering a servlet filter
> that blocks any *.jsp request but allows forwards:
>
> <filter>
> <display-name>JspBlockingFilter</display-name>
> <filter-name>JspBlockingFilter</filter-name>
> <filter-class>mypackage.web.JspBlockingFilter</filter-class>
> </filter>
> <filter-mapping>
> <filter-name>JspBlockingFilter</filter-name>
> <url-pattern>*.jsp</url-pattern>
> <dispatcher>REQUEST</dispatcher>
> </filter-mapping>
>
> But this should be handled by the framework.
>
> Can you, please, clarify on this issue?
>
> Regards,
>
> Agusti
>
Hi, Agusti! Since you are not subscribed to user@click.apache.org list no
one will see you question. So, please subscribe[1] to it!
Now back to you question...
I've not tested this feature yet. Maybe someone in the list can answer it
for you!
Regards,
Gilberto
[1] http://click.apache.org/docs/click-online.html#mailing-lists
--
View this message in context: http://click.1134972.n2.nabble.com/Click-cannot-locate-JSP-pages-placed-inside-WEB-INF-tp6517088p6549822.html
Sent from the click-user mailing list archive at Nabble.com.