Skip to Main Content
Forums

Java EE (Java Enterprise Edition) General Discussion

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Where do the JSP files come from

843842Oct 25 2005 — edited Oct 26 2005
Hi,

I am very new to JavaServer Faces and have recently been looking into using this technology for a fairly small project, mainly to become familiar with it. What i'm trying to figure out is when I type a url like http://server:8080/myapp/faces/blah.jsp, where does the controller servlet look for a match? Does it always just look in the root of the web application? (as all the example seem to do). If so, you seem to have to add every jsp page into a security-constraint in web.xml to stop them from being accessed directly!

On a related note, when trying out the "Command Submissions Sample Application" from java BluePrints i noticed that i could browse the contents of the WEB-INF folder (usually restricted as I understand it) and access the web.xml of the application simply by going http://server:8080/command_submissions/faces/WEB-INF/web.xml. How can I stop this from being possible?

Other than these couple of things I'm really looking forward to using JSF.

Thanks in advance,
Robert.

Comments

843842
Hi,

First, you cannot access a JSF page without going through the JSF Servlet.

Your JSF tags will not be translated into html tag, this will generate an error page.

you can specify the matching url that you want to send through the Servlet.
here is a chunk of one of my web.xml file. 
  <!-- Standard Action Servlet Mapping -->
  <servlet-mapping>
    <servlet-name>FacesServlet</servlet-name>
    <url-pattern>*.faces</url-pattern>  
  </servlet-mapping>
Furthermore,

you can also disallow access to some directories, but, i'm not using this technique now and i can't tell you if it's an usual technique.

Anyone correct me if i'm wrong.



Sebastien Degardin.
843842
Thanks for the reply.

I understand how servlets are mapped. What I'm trying to figure out is how the FaceServlet translates a faces url into a JSP page. (ie. where is looks, what names it looks for etc.)

For example, with the mapping example you showed (*.faces), If I made made a call to http://server/myapp/mypage.faces, what would FacesServlet serve up? A jsp file called mypage.jsp? If so, where does it look for such a jsp?

In the example I was talking about before the mapping was /faces/*, which seemed to have the effect of just serving up all /faces/* paths with matches relative to the root of the application. For example, if i had a jsp in /mypage.jsp I could just called /faces/mypage.jsp and it would work. However, this also allowed me to access /faces/WEB-INF/web.xml which I not good (security problem IMO). An that was with a Java BluePrints application!

My question still remains. How can i tell FacesServlet where to look for pages, and stop things like the secrutiy problem above?

Thanks in advance,
Robert.
843842
Well after reading lots more stuff on faces it seems that faces always just looks in the root of your application for a match, and if you dont like it to always look for jsp files (for example if you want it to look for jspx) you can do something like this for the RI:

<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.jspx</param-value>
</context-param>

Still not sure about that whole being able to access WEB-INF thing :S. Instead i'm just using a *.faces mapping rather than /faces/*.
843842
Hello,

That's how i'm doing too.

faces ---> FacesServlet ----> JSP View

source suffixe ans target are configurable in web.xml file.


Sebastien Degardin
1 - 4
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Nov 23 2005
Added on Oct 25 2005
#javaserver-faces
4 comments
40 views