Hi, You can precompile your JSPs and include the class files in the WAR. In addition, no one can see the compiled .java files for your JSPs anyways because they're in tomcat's work directory, not in a web-accessible location.
Yoav Shapira Millennium Research Informatics >-----Original Message----- >From: Malcolm Warren [mailto:[EMAIL PROTECTED] >Sent: Wednesday, March 31, 2004 7:55 AM >To: Tomcat Users List >Subject: Re: Of .war and .jar files - and .jsp class files > >Thank you very much for your answers, but they haven't quite hit the mark >yet. > >Every .jsp page in Tomcat, as we all know, is compiled in >/work/Standalone/localhost/ in an appropriate application folder e.g. "_" >is the folder in the case of the ROOT application. >It's fine by me if this is done when I first access the page in a browser >in my test environment. > >Now when I transfer everything to my production server I would like to >eliminate all of the .jsp pages from the application, and all of the .java >files, and just send a .jar file containing the .class files in >/work/Standalone/localhost/$applicationDir. >That way the compilation is already done, and nobody can study my .jsp >files. In theory I could just create a directory tree somewhere of >org/apache/jsp/ copy all the automatically generated .class files into >this directory tree and .jar it all up, and Tomcat should find them either >in /WEB-INF/lib or in /work/Standalone/localhost/$applicationDir, but it >doesn't. > >Of course I could be missing the point entirely here, and I shouldn't even >by thinking about doing these things, but as I say, in Jrun I could send >the automatically generated .jsp .class files to the production >environment in a nice .jar file and I had more security because noone >could read the original .jsp files, although to be honest there aren't any >people in my company who would be interested in reading them, but I feel >more secure that way. > >Any more enlightenment on this would be very helpful. > >On Wed, 31 Mar 2004 06:00:22 -0600, QM <[EMAIL PROTECTED]> wrote: > >> On Wed, Mar 31, 2004 at 12:02:40PM +0200, Malcolm Warren wrote: >> : Jrun gave an additional security possibility that I am unable to >> extend to >> : Tomcat. In Jrun you do not need to place your .jsp files, nor the >> : automatically generated .java files on your production server. I could >> : simply .jar up the automatically generated .class files and place the >> .jar >> : file in the /WEB-INF/jsp folder on the production server. >> >> >> Tomcat does something similar: >> >> - As one poster already mentioned, keep all of your jar files in >> WEB-INF/lib. >> >> - make sure the JSPs are mapped to servlet paths in WEB-INF/web.xml. >> >> (I'm out on a limb here, but it sounds as if Jrun automagically loads >> your JSP jar file and creates the mappings for you.) >> >> If the latter sounds like a pain in the rear, there are Ant tasks to do >> the precompilation for you and generate the web.xml snippet. >> >> >> : If I create a .war file for the production server then the .war file >> : contains no compiled .jsps, just the original .jsp files - is that >> right? >> >> Not true. The war file contains whatever you put in it. JSPs, images, >> jars, whatever. >> >> -QM >> > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
