> From: Gregor Schneider [mailto:[email protected]]
> Subject: Re: [OT] Re: Default Tomcat Page w/o Redirect
>
> > What I mean is, clients *never* access a .jsp file by URL, e.g.
> > "http://www.example.com/app/foo.jsp";.
>
> This is definately wrong. When you call a jsp directly from within a
> Servlet-Container, the file gets compiled to a servlet and the output
> of the servlet is displayed.
While that is true, placing a .jsp in WEB-INF prevents direct access to that
JSP or the servlet it generates - which is the whole point. Despite the
admonition to not poke around in the fire unless you know what you're doing,
lots of people do.
> However, I also found the statement that not all
> Servlet-Containers are supporting it.
>
> Now I'm wondering ("Mr. Servlet-Spec" Chuck, you comment on that one):
I'm not aware of any that don't; it would be a violation of the spec to not do
so. To quote from the spec:
"No file contained in the WEB-INF directory may be served directly to a client
by the container. However, the contents of the WEB-INF directory are visible to
servlet code using the getResource and getResourceAsStream method calls on the
ServletContext, and may be exposed using the RequestDispatcher calls."
> Is this directory-structure really part of the specs?
WEB-INF/lib and WEB-INF/classes are, yes. See section 9.5.
> How does Tomcat find a JSP within WEB-INF/jsp? Do I have to specify it
> in the deployment-descriptor?
No, you just reference it internally via the RequestDispatcher.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
