You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by W Strater <ws...@yahoo.com> on 2008/06/13 17:06:18 UTC
Hiding JSP Pages
I am trying to hide the JSP so they can only be accessed via a forward. I have been able to put them in a subdirectory of WEB-INF using other containers but have not been able to do that with Tomcat 5.5.
We are not using Struts but it is the same approach where our business
logic is servlet/action based and we only use JSP for presentation.
A common practice would be to put the JSP page in the root directory of the WAR like following:
/HelloWorld.jsp
/WEB-INF/web.xml
/WEB-INF/classes/HelloWorld.class
This would allow the user to access the JSP page through the servlet with http://localhost:8080/app/HelloWorld or directly with http://localhost:8080/app/HelloWorld.jsp.
I want to use to only be able to access the JSP page through the servlet and the directory of the WAR would like the following:
/WEB-INF/web.xml
/WEB-INF/classes/HelloWorld.class
/WEB-INF/jsp/HelloWorld.jsp
The HelloWorld servlet would use the JSP for presentation by forwarding to it using code like the fllowing:
RequestDispatcher dispatcher = request.getRequestDispatcher("
/WEB-INF/jsp/HelloWorld.jsp");
I get the following errors:
09:22:57,253 [[/app].log 636] INFO - Marking servlet org.apache.catalina.INVOKER.WEB-INF as unavailable
09:22:57,269 [[/app].log 665] ERROR - Error loading WebappClassLoader
delegate: false
repositories:
/WEB-INF/classes/
----------> Parent Classloader:
org.apache.catalina.loader.StandardClassLoader@15af049
WEB-INF
java.lang.ClassNotFoundException: WEB-INF
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1332)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1181)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1027)
at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:750)
at org.apache.catalina.servlets.InvokerServlet.serveRequest(InvokerServlet.java:369)
at org.apache.catalina.servlets.InvokerServlet.doGet(InvokerServlet.java:133)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
....
09:22:57,269 [[/app].log 665] ERROR - invoker: Cannot allocate servlet instance for path /app/WEB-INF/jsp/HelloWorld.jsp
javax.servlet.ServletException: Wrapper cannot find servlet class WEB-INF or a class it depends on
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1035)
at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:750)
at org.apache.catalina.servlets.InvokerServlet.serveRequest(InvokerServlet.java:369)
at org.apache.catalina.servlets.InvokerServlet.doGet(InvokerServlet.java:133)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
...
Most of the discussions I have read are either old or pertaining to securing them via authentication/authorization but I do not want a user to be able to enter a URL containing a JSP page under any conditions.
Any suggestions on how I can hide my JSP pages?
Thanks,
Wes.
Re: Hiding JSP Pages
Posted by Johnny Kewl <jo...@kewlstuff.co.za>.
----- Original Message -----
From: "W Strater" <ws...@yahoo.com>
To: <us...@tomcat.apache.org>
Sent: Friday, June 13, 2008 5:06 PM
Subject: Hiding JSP Pages
>I am trying to hide the JSP so they can only be accessed via a forward. I
>have been able to put them in a subdirectory of WEB-INF using other
>containers but have not been able to do that with Tomcat 5.5.
>
> We are not using Struts but it is the same approach where our business
> logic is servlet/action based and we only use JSP for presentation.
>
> A common practice would be to put the JSP page in the root directory of
> the WAR like following:
>
> /HelloWorld.jsp
> /WEB-INF/web.xml
> /WEB-INF/classes/HelloWorld.class
Mmmm no dont think so, that kinda looks like a mix between precompiled and
JSP
Anyway doesnt matter... and it maybe because I'm in a different IDE, doesnt
work the same...
> This would allow the user to access the JSP page through the servlet with
> http://localhost:8080/app/HelloWorld or directly with
> http://localhost:8080/app/HelloWorld.jsp.
>
> I want to use to only be able to access the JSP page through the servlet
> and the directory of the WAR would like the following:
>
> /WEB-INF/web.xml
> /WEB-INF/classes/HelloWorld.class
> /WEB-INF/jsp/HelloWorld.jsp
>
> The HelloWorld servlet would use the JSP for presentation by forwarding to
> it using code like the fllowing:
>
> RequestDispatcher dispatcher = request.getRequestDispatcher("
> /WEB-INF/jsp/HelloWorld.jsp");
Rather use this mapping...
/META-INF/test/index.jsp
ie just put the JSP's into Meta_Inf
That will hide em and they'll still work...
Having said that, this is the first time I gave this a whiz... you're
forwarding idea is actually just the MVC model, a good way to do it...
But normally what I do is stick a little code in the JSP... ie I check the
bean, or the URI... then redirect or give the user a little message.
Interesting question... thanks
I tested on NB... there it just amounted to dragging the jsp's to the META
folder... done.
Have fun..
---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Re: Hiding JSP Pages
Posted by Wes Strater <ws...@yahoo.com>.
Hassan Schroeder wrote:
> On Fri, Jun 13, 2008 at 8:06 AM, W Strater <ws...@yahoo.com> wrote:
>
>> I am trying to hide the JSP so they can only be accessed via a forward. I have been able to put them in a subdirectory of WEB-INF using other containers but have not been able to do that with Tomcat 5.5.
>>
>
> That /is/ the correct approach.
>
>
>> /WEB-INF/classes/HelloWorld.class
>>
>
> If that's literal, it's wrong -- your classes need to be in a package.
>
>
>> I get the following errors:
>>
>> 09:22:57,253 [[/app].log 636] INFO - Marking servlet org.apache.catalina.INVOKER.WEB-INF as unavailable
>>
>
> Are you trying to use the invoker servlet?
>
>
Sorry for the delay but Yahoo web client does not handle ezm attachments
you get with a digest and I could not find any way to reply from the list.
The invoker is one of our dirty little secrets. I was put on an 8+ year
old project that not only uses the invoker but uses single-threaded
model. I was trying to hide the fact but the stack trace blew my cover.
It turns out that was a good thing.
I believe the problem is a "bug" in the invoker since the problem went
away when I loaded the servlet without the invoker. Looking at the
invoker code, I see it trying to load the JSP page as a class and
failing completely before it gets to the code that loads it as a JSP.
Wes.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Hiding JSP Pages
Posted by Hassan Schroeder <ha...@gmail.com>.
On Fri, Jun 13, 2008 at 8:06 AM, W Strater <ws...@yahoo.com> wrote:
> I am trying to hide the JSP so they can only be accessed via a forward. I have been able to put them in a subdirectory of WEB-INF using other containers but have not been able to do that with Tomcat 5.5.
That /is/ the correct approach.
> /WEB-INF/classes/HelloWorld.class
If that's literal, it's wrong -- your classes need to be in a package.
> I get the following errors:
>
> 09:22:57,253 [[/app].log 636] INFO - Marking servlet org.apache.catalina.INVOKER.WEB-INF as unavailable
Are you trying to use the invoker servlet?
--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org