on 08-23-2004 3:04 PM
Hi.
I'm porting an existing J2EE web app. that was designed to work with Tomcat/jBoss, and now needs to work with SAP NW WAS 6.3, and I get a problem working with Struts.
I put my JSPs inside WEB-INF folder, because I don't want them to be accessible straight through the browser.
When I run the application, Struts' "forward" action can't seem to succeed on calling the JSPs. I get a 404 error code (Not Found) with this message: "Directory web-inf is not accessible for browsing".
If I put the same JSP outside the WEB-INF folder (under webContent folder), and change the Struts' action accordingly, I get it right, but then, once again, it is accessible for the "outside world", and I can't live with that.
How should I set the security of the server to enable access to WEB-INF folder via Struts? What am I doing wrong?
Thank,
Nir Arazi
Hi,
I'm afraid there is no way to configure the server to serve content under the WEB-INF directory (remember, the Servlet specification forbids that!).
Why don't you just put your pages in a separate folder and then set a security contraint in the web.xml (using a URL pattern) to restrict access to those pages? Do you think this works in your case?
Regards,
Ivo
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nir
I dont think manualy copying the files into WEB-INF folder is the right way to do this . You will have to assemble the web components into war file and then build an ear file and thgen deploy this to the Engine. Consider using Netweaver Dev Std or DeployTool.bat for this.
Regards
Pran
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Ivo and Pran,
Thanks for your response!
First of all, as far as I know, JSP pages are considered to be a servlet, by the SUN specifications, and as such, should have no problem forward, and be forwarded files in the WEB-INF folder.
Is there a chance this is a design problem in SAP's Web Application Server?
The problem with having a security constraint is that the constraint not only forbids users, but also forbids Struts from accessing these files. So I get the same result - either I let all my JSPs be public, or my application won't work.
Now, Pran - about your reply:
My original application's JSPs were inside the WEB-INF folder which was under the WebContent folder.
If I leave them there - I cannot access them via Struts - so, apparently, my application crashes.
If I put them in the WEB-INF folder which is created by default when you create a new Web Module Project in the NW Dev Std, I get the same results (Actually, the files end up in the same folder inside the EAR file...).
So, it seems the only option is to put all the JSPs under the WebContent folder, NOT inside any WEB-INF folder, and handle the security manually - which is just redundant work, which the WEB-INF folder usually just saves.
Any other/better ideas?
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.