> From: Gregor Schneider [mailto:rc4...@googlemail.com] > Subject: Re: [OT] Re: Default Tomcat Page w/o Redirect > > > What I mean is, clients *never* access a .jsp file by URL, e.g. > > "http://www.example.com/app/foo.jsp". > > This is definately wrong. When you call a jsp directly from within a > Servlet-Container, the file gets compiled to a servlet and the output > of the servlet is displayed.
While that is true, placing a .jsp in WEB-INF prevents direct access to that JSP or the servlet it generates - which is the whole point. Despite the admonition to not poke around in the fire unless you know what you're doing, lots of people do. > However, I also found the statement that not all > Servlet-Containers are supporting it. > > Now I'm wondering ("Mr. Servlet-Spec" Chuck, you comment on that one): I'm not aware of any that don't; it would be a violation of the spec to not do so. To quote from the spec: "No file contained in the WEB-INF directory may be served directly to a client by the container. However, the contents of the WEB-INF directory are visible to servlet code using the getResource and getResourceAsStream method calls on the ServletContext, and may be exposed using the RequestDispatcher calls." > Is this directory-structure really part of the specs? WEB-INF/lib and WEB-INF/classes are, yes. See section 9.5. > How does Tomcat find a JSP within WEB-INF/jsp? Do I have to specify it > in the deployment-descriptor? No, you just reference it internally via the RequestDispatcher. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org