sabart wrote:
>
> Is Click able to locate JSP pages placed inside WEB-INF directory?
>
> Best practices recommend placing JSP pages inside the WEB-INF directory in
> order to prevent direct access to the JSP page and bypassing of the
> controller class. As files inside that directory are hidden from user
> requests, requests are forced to go through the controller classes.
>
> I made a quick attempt with Click 2.3 and apparently didn't manage to
> locate a JSP page placed inside WEB-INF.
>
> It did recognize the JSP page when placed under the web root directory
> outside WEB-INF; but then nothing prevents users from directly accessing
> the unpopulated JSP page.
>
> I think I managed to overcome the problem by registering a servlet filter
> that blocks any *.jsp request but allows forwards:
>
>   <filter>
>     <display-name>JspBlockingFilter</display-name>
>     <filter-name>JspBlockingFilter</filter-name>
>     <filter-class>mypackage.web.JspBlockingFilter</filter-class>
>   </filter>
>   <filter-mapping>
>     <filter-name>JspBlockingFilter</filter-name>
>     <url-pattern>*.jsp</url-pattern>
>     <dispatcher>REQUEST</dispatcher>
>   </filter-mapping>
>
> But this should be handled by the framework.
>
> Can you, please, clarify on this issue?
>
> Regards,
>
> Agusti
>
Hi, Agusti!

Since you are not subscribed to [email protected] list no one will see your question. So, please subscribe[1] to it!

Now back to your question... I've not tested this feature yet. Maybe someone in the list can answer it for you!

Regards,

Gilberto

[1] http://click.apache.org/docs/click-online.html#mailing-lists

--
View this message in context: http://click.1134972.n2.nabble.com/Click-cannot-locate-JSP-pages-placed-inside-WEB-INF-tp6517088p6549822.html
Sent from the click-user mailing list archive at Nabble.com.
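For reference, a sketch of the filter class that the quoted web.xml registers. This is an added example, not code posted in the thread or shipped with Click; only the class name and the mapping come from the quoted message, and the 404 response and the javax.servlet (Servlet 2.5 era) API are assumptions.

```java
package mypackage.web;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Rejects direct client requests for JSP files.
 *
 * The mapping in web.xml lists only <dispatcher>REQUEST</dispatcher>, so the
 * container invokes this filter for requests that arrive from the client and
 * skips it for RequestDispatcher.forward() and include() calls. A controller
 * that forwards to the JSP is therefore unaffected.
 *
 * Caveat: the filter only covers what the <url-pattern> matches. If the
 * container also maps other extensions to its JSP servlet (for example
 * *.jspx), each needs its own <filter-mapping>.
 */
public class JspBlockingFilter implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration needed.
    }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        // Never call chain.doFilter(): every request that reaches this filter
        // is a direct hit on a JSP and must not be rendered.
        if (response instanceof HttpServletResponse) {
            // Assumption: answer 404 so a blocked JSP looks the same as a
            // resource under WEB-INF, without confirming that the file exists.
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        throw new ServletException("Direct access to JSP pages is not allowed");
    }

    public void destroy() {
        // Nothing to release.
    }
}
```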
