Obviously no one can access jsp code via web server.
Niki
Shapira, Yoav wrote:
Hi, You can precompile your JSPs and include the class files in the WAR. In addition, no one can see the compiled .java files for your JSPs anyways because they're in tomcat's work directory, not in a web-accessible location.
Yoav Shapira Millennium Research Informatics
-----Original Message-----
From: Malcolm Warren [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 31, 2004 7:55 AM
To: Tomcat Users List
Subject: Re: Of .war and .jar files - and .jsp class files
Thank you very much for your answers, but they haven't quite hit the mark yet.
Every .jsp page in Tomcat, as we all know, is compiled in /work/Standalone/localhost/ in an appropriate application folder e.g. "_" is the folder in the case of the ROOT application.
It's fine by me if this is done when I first access the page in a browser in my test environment.
Now when I transfer everything to my production server I would like to eliminate all of the .jsp pages from the application, and all of the .java files, and just send a .jar file containing the .class files in /work/Standalone/localhost/$applicationDir.
That way the compilation is already done, and nobody can study my .jsp files. In theory I could just create a directory tree somewhere of org/apache/jsp/ copy all the automatically generated .class files into this directory tree and .jar it all up, and Tomcat should find them either in /WEB-INF/lib or in /work/Standalone/localhost/$applicationDir, but it doesn't.
Of course I could be missing the point entirely here, and I shouldn't even be thinking about doing these things, but as I say, in Jrun I could send the automatically generated .jsp .class files to the production environment in a nice .jar file and I had more security because no one could read the original .jsp files, although to be honest there aren't any people in my company who would be interested in reading them, but I feel more secure that way.
Any more enlightenment on this would be very helpful.
On Wed, 31 Mar 2004 06:00:22 -0600, QM <[EMAIL PROTECTED]> wrote:
On Wed, Mar 31, 2004 at 12:02:40PM +0200, Malcolm Warren wrote:
: Jrun gave an additional security possibility that I am unable to extend to
: Tomcat. In Jrun you do not need to place your .jsp files, nor the
: automatically generated .java files on your production server. I
: simply .jar up the automatically generated .class files and place the .jar
: file in the /WEB-INF/jsp folder on the production server.
Tomcat does something similar:
- As one poster already mentioned, keep all of your jar files in WEB-INF/lib.
- make sure the JSPs are mapped to servlet paths in WEB-INF/web.xml.
(I'm out on a limb here, but it sounds as if Jrun automagically loads your JSP jar file and creates the mappings for you.)
If the latter sounds like a pain in the rear, there are Ant tasks to do the precompilation for you and generate the web.xml snippet.
: If I create a .war file for the production server then the .war file
: contains no compiled .jsps, just the original .jsp files - is that right?
Not true. The war file contains whatever you put in it. JSPs, images, jars, whatever.
-QM
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
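The layout QM describes (compiled JSP classes in a jar under WEB-INF/lib, each mapped to a servlet path in WEB-INF/web.xml, no .jsp sources shipped) can be checked on a WAR before it goes to production. The Python check below is an added example, not part of the original thread or of Tomcat; the function names and the sample WAR contents (jsps.jar, admin/debug.jsp, the index and report pages) are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

JSP_PKG = "org/apache/jsp/"  # package directory named in the thread


def jsp_classes(names, prefix=""):
    """Dotted names of compiled JSP classes found under prefix + org/apache/jsp/."""
    return {n[len(prefix):-6].replace("/", ".") for n in names
            if n.startswith(prefix + JSP_PKG) and n.endswith(".class") and "$" not in n}


def audit_war(war_bytes):
    """Find JSP sources still shipped and compiled JSP classes with no URL mapping."""
    war = zipfile.ZipFile(io.BytesIO(war_bytes))
    names = war.namelist()
    leftovers = sorted(n for n in names if n.endswith((".jsp", "_jsp.java")))
    classes = jsp_classes(names, "WEB-INF/classes/")
    for n in names:  # the thread keeps the precompiled classes in a jar in WEB-INF/lib
        if n.startswith("WEB-INF/lib/") and n.endswith(".jar"):
            classes |= jsp_classes(zipfile.ZipFile(io.BytesIO(war.read(n))).namelist())
    servlets, mapped = {}, set()
    for el in ET.fromstring(war.read("WEB-INF/web.xml")):
        kids = {k.tag.rsplit("}", 1)[-1]: (k.text or "").strip() for k in el}
        kind = el.tag.rsplit("}", 1)[-1]  # ignore an XML namespace if one is present
        if kind == "servlet":
            servlets[kids.get("servlet-name")] = kids.get("servlet-class")
        elif kind == "servlet-mapping":
            mapped.add(kids.get("servlet-name"))
    reachable = {cls for name, cls in servlets.items() if name in mapped}
    return {"leftover_sources": leftovers, "unmapped_classes": sorted(classes - reachable)}


def sample_war():
    """Constructed WAR: index_jsp is mapped, report_jsp is not, one source was left in."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        for cls in ("index_jsp", "report_jsp"):
            z.writestr(JSP_PKG + cls + ".class", b"")  # empty stand-in for bytecode
    web_xml = ("<web-app><servlet><servlet-name>index</servlet-name>"
               "<servlet-class>org.apache.jsp.index_jsp</servlet-class></servlet>"
               "<servlet-mapping><servlet-name>index</servlet-name>"
               "<url-pattern>/index.jsp</url-pattern></servlet-mapping></web-app>")
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as z:
        z.writestr("WEB-INF/web.xml", web_xml)
        z.writestr("WEB-INF/lib/jsps.jar", jar.getvalue())
        z.writestr("admin/debug.jsp", "<%-- constructed leftover source --%>")
    return war.getvalue()
```

Calling `audit_war(sample_war())` reports `admin/debug.jsp` as a leftover source and `org.apache.jsp.report_jsp` as a compiled page that no servlet mapping reaches.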
