8

Every project example I've seen so far, in a book or a tutorial, have got the XHTML (Facelets) pages on the same level as WEB-INF directory. I've read also that in order to have the pages not direct accessible on the server, you need to hide them under the WEB-INF directory, that means that one need some kind of view resolver for that. My question is, how can I do that?

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
claudia b
  • 203
  • 3
  • 5

1 Answers1

10

I think you misunderstood the purpose of the XHTML files which are placed in /WEB-INF. These are the include files, master templates and tag files, exactly those pages which you don't want the end user to be able to open standalone. The normal pages and template clients are not placed in /WEB-INF.

See also:

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • In the folowing link there is a concept that the pages under WEB-INF are not direct accesible from a web browser:http://www.examulator.com/moodle/mod/resource/view.php?id=455 – claudia b Mar 16 '12 at 11:00
  • if you generate an Spring MVC Project, all tha pages are set under WEB-INF dierctory and in the web.xml there is a view resolver. How can I do that for xhrml pages? – claudia b Mar 16 '12 at 11:10
  • JSF is not Spring MVC, please don't compare apples with oranges. I also don't see why you would want to do this for JSF. Can you please argument the reason you think that placing *all* views, including the public ones, in `/WEB-INF` is absolutely necessary? Why would you want to go through an extra path by a view resolver so that they are still publicly accessible in the end? – BalusC Mar 16 '12 at 11:11
  • 1
    I dont't particulary want to do that, but there are people from controlling who knows such concepts that the pages should be under WEB-INF and have seen Spring MVC or other sorts from projects, which are doing that and from security reasons should I also do that. I don't know if it's possible, if it's necessary ?? – claudia b Mar 16 '12 at 11:19
  • 2
    In Spring MVC, all files are placed in `/WEB-INF` to prevent direct access because they need to be opened by a virtual URL, otherwise the enduser will be able to get the raw source code by opening `*.jsp` directly instead of `*.html`, `*.do` or whatever is mapped by Spring MVC. But in JSF that is unnecessary. You just have to map the `FacesServlet` on an URL pattern of `*.xhtml`. This way the enduser will never be able to get the raw source code. You only have to put the include/tag/template files in `/WEB-INF` because they shouldn't be directly accessed at all anyway. – BalusC Mar 16 '12 at 11:23
  • Thank you for your answers, now I must take a break to understand them:) – claudia b Mar 16 '12 at 11:28
  • Again, don't compare apples with oranges. You'll only confuse yourself more :) – BalusC Mar 16 '12 at 11:33