1

In my web.xml I have:

<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
</servlet-mapping>

I got some pages, that are stored at my {project}/webapp/view/ folder

like: localhost/mybodule/view/index.xhtml

and able to see all facelets sources. How to make it 404 error instead?

ses
  • 13,174
  • 31
  • 123
  • 226
  • it seems i found duplication (will check): http://stackoverflow.com/questions/662777/hide-xhtml-source-facelets-icefaces – ses Apr 24 '13 at 16:54
  • Also related: http://stackoverflow.com/a/15433339/1530938 – kolossus Apr 24 '13 at 17:04
  • this: http://stackoverflow.com/questions/8069640/whitelist-security-constraint-in-web-xml helped. ( is important point) – ses Apr 24 '13 at 17:18

1 Answers1

0

Since my question was related to JSF and 404 error throwing.

There is an answer I came up with:

Adding a setting to web.xml:

<context-param>
<param-name>facelets.RESOURCE_RESOLVER</param-name>
<param-value>our.company.CustomResourceResolver</param-value>
</context-param>

Where: CustomResourceResolver extends javax.faces.view.facelets.ResourceResolver

There I would have an overridden method:

@Override
public URL resolveUrl(String path) {
 try {
   String fixedPath = "/WEB-INF/pages";

   return getResolvedPath(path, fixedPath);
} catch(IOException e) {
  throw new FacesException(e);
}

}

Here we assuming that all our pages are located in /WEB-INF/pages folder

Thus, Every time when exception happens it would interpreted as 404.

And: we should delete <security-constraint> from web.xml - this guy is good if we want to show user that he does not have access to particular resource, but in our case we do not want showing this. We don't want showing him the fact that this resource exits at all.

ses
  • 13,174
  • 31
  • 123
  • 226