
Why put JSP in WEB-INF?

I noticed a common pattern is to put JSP pages in WEB-INF folder (as opposed to WAR root). What's the difference? Why is that preferred?

Files in WEB-INF are not visible to the users. It's a bit safer that way.

If (a contrived example) you are including db.jsp, but by itself it throws an exception, a malicious user can open http://yoursite.com/db.jsp and get some insight on your application (worst - the database credentials) from the exception message.

I don't think it's a good design pattern, but I believe I can explain the reasoning.

Servlet containers won't serve any content in WEB-INF. By putting your JSPs there, you prevent anyone from directly accessing a JSP by navigating to it in the browser by name. This might be considered good practice, if some of your JSPs are just fragments of code/markup, and not meant to be used directly, and perhaps open some security hole you haven't thought of.

It's still possible to get the container to see and use the JSPs as expected even in WEB-INF.

An extra-plus when using a Controller (or Front-Servlet) is that you decouple the URL path from the physical location of the JSP-files in your project.

As an example, here is a simple request mapping from a Spring Controller:

@RequestMapping(value = "/item/edit", method = RequestMethod.GET)
public String getItemEdit(@RequestParam(value = "id", required = false) final String id) {
    return "itemeditform";
}

The ViewResolver takes care of mapping the URL to the place where your JSPs reside.
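
The answers above describe JSPs under WEB-INF being reachable only through a controller that forwards to them. The following plain-servlet front controller is an added example, not code from any of the answers; the URL paths, the second view name and the `/WEB-INF/jsp/` folder are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (use jakarta.servlet.* on Servlet 5.0+ containers; Map.of needs Java 9+).
// Paths, view names and the JSP folder below are assumptions for illustration.
@WebServlet("/app/*")
public class FrontControllerServlet extends HttpServlet {

    // Fixed allow-list: public URL path -> logical view name.
    // The JSP path is never built from request input, so a client cannot
    // steer the forward to an arbitrary file under WEB-INF.
    private static final Map<String, String> VIEWS = Map.of(
            "/item/edit", "itemeditform",
            "/item/list", "itemlist");

    private static final String PREFIX = "/WEB-INF/jsp/";
    private static final String SUFFIX = ".jsp";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getPathInfo() is null for a request to exactly /app; Map.of() maps
        // reject null keys, so check before the lookup.
        String path = req.getPathInfo();
        String view = (path == null) ? null : VIEWS.get(path);

        if (view == null) {
            // Unknown route: same answer the container gives for a direct
            // request to anything under /WEB-INF.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // Server-side forward: the container resolves the JSP internally,
        // while a browser request for /WEB-INF/jsp/itemeditform.jsp is not served.
        req.getRequestDispatcher(PREFIX + view + SUFFIX).forward(req, resp);
    }
}
```

With this layout, `/app/item/edit` renders `itemeditform.jsp`, and moving the JSP files only requires changing `PREFIX`, not the public URLs.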
