Where should JSF 2.2 resources be placed: WEB-INF or root
Question
Before JSF 2.2, resources such as javascript, css and composite components would be placed at the root of a web archive in a /resources folder. A security constraint in WEB-INF would accompany this setup to prevent direct access:
<security-constraint>
<display-name>Restrict direct access to JSF resources</display-name>
<web-resource-collection>
<web-resource-name>JSF resources</web-resource-name>
<url-pattern>/resources/*</url-pattern>
</web-resource-collection>
<auth-constraint />
</security-constraint>
In JSF 2.2, however, you can simply put the resources folder in WEB-INF: /WEB-INF/resources . This gives the resources implicit protection from direct access.
WEB-INF according to Tomcat documentation and IBM documentation describes it as a folder to store configuration files. It seems like a hack to put non configuration resources in WEB-INF just to gain the protection of the WEB-INF directory.
Are both methods of storing the resources identical in their effect? Are their any concrete drawbacks to either method?
1 answers
solution1
0 2015-05-11 17:04:34
You can safety put resources under WEB-INF it will save you from the mistake of forget to protect it from directly access, nothing more ! If you wanna keep in root with protection the effect will be the same.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.