I'm new to Icefaces and Facelets both, but I'm using them on a new project. I've got everything working configured and working fine. However, when I visit mywebapp/file.xhtml, the entire facelets template source comes up in my browser. How could I hide this to prevent users from viewing my server-side templates?
Put all templates into WEB-INF/someDirectory/templates.
Then according to the facelets documentation put this inside your web.xml for all other xhtml files:
<security-constraint>
<display-name>Restrict XHTML Documents</display-name>
<web-resource-collection>
<web-resource-name>XHTML</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Only Let 'developer's access XHTML pages</description>
<role-name>someone</role-name>
</auth-constraint>
</security-constraint>
In the web.xml should be an entry which let you configure the behaviour of xhtml templates (show/hide..)
If you move the .jsp files to the WEB-INF folder (you have to reconfigure the jsp path for JSF), you can't access them by URL. Every J2EE-Server/Webcontainer I know act this way.
Another way is an self written servlet filter etc.
But, why do you want to hide your templates?
来源:https://stackoverflow.com/questions/662777/hide-xhtml-source-facelets-icefaces