Hide .xhtml source - facelets/icefaces?

微笑、不失礼 提交于 2020-01-22 15:27:12

问题


I'm new to Icefaces and Facelets both, but I'm using them on a new project. I've got everything working configured and working fine. However, when I visit mywebapp/file.xhtml, the entire facelets template source comes up in my browser. How could I hide this to prevent users from viewing my server-side templates?


回答1:


Put all templates into WEB-INF/someDirectory/templates.

Then according to the facelets documentation put this inside your web.xml for all other xhtml files:

<security-constraint>
    <display-name>Restrict XHTML Documents</display-name>
    <web-resource-collection>
        <web-resource-name>XHTML</web-resource-name>
        <url-pattern>*.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>Only Let 'developer's access XHTML pages</description>
        <role-name>someone</role-name>
    </auth-constraint>
</security-constraint>



回答2:


In the web.xml should be an entry which let you configure the behaviour of xhtml templates (show/hide..)

If you move the .jsp files to the WEB-INF folder (you have to reconfigure the jsp path for JSF), you can't access them by URL. Every J2EE-Server/Webcontainer I know act this way.

Another way is an self written servlet filter etc.

But, why do you want to hide your templates?



来源:https://stackoverflow.com/questions/662777/hide-xhtml-source-facelets-icefaces

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!