On 8/23/2018 4:26 AM, Mark Thomas wrote:
On 22/08/18 19:48, Terence M. Bandoian wrote:
<snip/>
Back on topic, do JSPs have to be registered with the container using
servlet mappings in web.xml or some other mechanism in order to serve as
targets of forwards by servlets? Further, does doing so make those JSPs
accessible via external requests? I suspect the answer to both
questions is yes which means an additional mechanism will have to be
introduced to block that access which I believe was the original
question. Servlet filter?
What makes JSPs accessible is the mapping of *.jsp to the JSP servlet.
Any file outside of WEB-INF with a .jsp extension will be passed to the
JSP servlet for processing:
- .jsp -> .java
- .java -> .class (servlet)
- send request to servlet from previous step
JSPs (or any other files) located under WEB-INF are never directly
accessible.
Forwards and includes can reference JSP files (actually any files)
located under WEB-INF and the file is processed the same way it would be
if it were located outside of WEB-INF. The idea of locating files under
WEB-INF is so you can use them in forwards and includes without them
being directly accessible.
Mark
P.S. It is actually WEB-INF or META_INF everywhere I write WEB-INF above
but I only used WEB-INF to try and keep it clearer.
Thanks for clearing that up. It's surprisingly simple. The only
complication I found is that a "NamedDispatcher" is required to forward
to pre-compiled JSPs in WEB-INF that don't have servlet mappings.
-Terence Bandoian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
