通过将它们放置在/WEB-INF中来防止直接访问它们 [英] Prevent direct access to composite components by placing them inside /WEB-INF
问题描述
我正在尝试在Web应用程序中定义一些复合组件.根据我阅读的教程,我必须将xhtml文件放置在位于webcontent中的资源文件夹中. 考虑到它将使这些文件可从URL公开访问,因此该解决方案是有问题的. 有没有一种方法可以将该组件放入web-inf文件夹中,并使jsf在该文件夹中查找文件? 如果没有,还有另一种避免直接访问的方法吗?
I'm trying to define some composite components in my web application. According to the tutorials i read, i have to place the xhtml files inside a resource folder located in webcontent. This solution is problematic, given that it would make those files available for public access from an url. Is there a way to put this components inside the web-inf folder, and make the jsf look for the files there? If not, is there another way to avoid direct access?
谢谢.
PS:我研究了此答案,如果我正确理解了BalusC的回答,我打算做的事情是可能的.
P.S.: I have looked into this answer, and if i understood BalusC's answer correctly, what I intend to do is possible.
推荐答案
复合组件"与您发现的问题/答案中的组成"并不完全相同. OP显然在谈论包含<ui:componsition>内容的<ui:include>文件中的合成.
"Composite components" are not exactly the same as "compositions" in the question/answer you found. The OP was clearly talking about compositions as in <ui:include> files which are including <ui:componsition> content.
您实际上想防止直接访问/resources.这可以通过在web.xml中添加以下安全性约束条目来实现:
You effectively want to prevent direct access to /resources. This can be achieved by adding the following security constraint entry to web.xml:
<security-constraint>
<display-name>Restrict direct access to JSF resources</display-name>
<web-resource-collection>
<web-resource-name>JSF resources</web-resource-name>
<url-pattern>/resources/*</url-pattern>
</web-resource-collection>
<auth-constraint /><!-- Empty auth constraint! -->
</security-constraint>
根据即将发布的JSF 2.2,将不再需要此操作,因为它允许您通过web.xml中的以下配置条目将整个/resources文件夹移动到/WEB-INF中:
As per the upcoming JSF 2.2, this would not be necessary anymore as it allows you to move the whole /resources folder into /WEB-INF by the following configuration entry in web.xml:
<context-param>
<param-name>javax.faces.WEBAPP_RESOURCES_DIRECTORY</param-name>
<param-value>WEB-INF/resources</param-value>
</context-param>
这篇关于通过将它们放置在/WEB-INF中来防止直接访问它们的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
