Pros and Cons of putting jspx pages under WEB-INF

Similar Messages

• Access JSP pages under WEB-INF

  Hello, I have a web application and i use Java,JSP, servlets etc.
  In my webpage i have three different categories of users
  *1)* Registered users
  *2)* Not Registered users
  *3)* Administrator
  I would like the welcome page index.jsp and register page be accessed by everyone.
  But as far as the other pages are concerned , i would like to be accessed only by the registered users.
  What shall i do??
  I placed the index.jsp and register.jsp under the public folder and the other pages under WEB-INF folder in order to be accesses only from the registered users.
  But it's not working!
  What exactly shall i do in order to make that work??
  Thanks, in advance!

  g_p_java wrote:
  Thanks for the link! As i understood i don't have to place my web pages under WEB-INF (only the web.xml which is already there).
  *1)* So i have to follow the steps that are being mentioned there for all the users right??
  Registered , Not Registered and admin.
  Yes, security constraining through web.xml is a url pattern based protection for your resources. You could create multiple urls - /secured/* and map them to your resources accessible to registered users only or you may have /admin/* and define that only 'admin' roles have access to these resources. Some portions of such setup would be server specific (eg: how you create users and map them to roles)
  *2)* I would like to make a question: Who is the "FrontController" in the link you posted me? [http://onjava.com/onjava/2001/08/06/webform.html]
  It's the Container. Because such features are mandated by the spec, the container provides an implementation and options to customize the implementation (for example in weblogic, you can specify that your users are bound to an LDAP or configured in a Users table in the db)
  Nevertheless, you would have your own Controllers for your application management (Struts or Spring or whatever suits your need). On the same note, you should have your own Filters to implement whatever common logic you have across your application.
  Madathil_Prasad wrote:
  2. Write a filter that checks for the presence of a session (and entitlements possibly) before allowing access to a resource.
  *3)* when you write "_entitlements_" what exactly do you mean??
  Thanks!
  This is the other road I was talking about. You could throw all configuration and j2ee based security configuration out of the window (they do have their limitations) and implement custom security logic in a Filter. For example,
  String urlPattern = request.getRequestURI();
  if(urlPattern.indexOf("/secured") != null{
           if(request.getSession(false) == null){
                 //redirect to login page.
           }else{
                //valid session
                //now check specific entitlement to see whether user has access
  }Here entitlement refers to permissions at a granular level (authorization if you wish to call it). For example, you have 2 kinds of admin users - some who can generate reports of web activity and another who can change application settings.
  ram.

• Access dead page for access page under WEB-INF

  hi, all , I have some page is under WEB-INF , if the user direct access this kind of jsp pages, will have some 4004 statue, could I have a customer error page to instead this 404 page . thankk you!

  Thank you,
  I realize my problem and your answer make my more understand my problem, but the problem still there.String myLink = req.getParameter("myLink");
              String target = null;
              HttpSession userSession = (HttpSession) req.getSession(true);
              HttpSession session = req.getSession();
              String word=(String)session.getAttribute("said");
             // out.println(word);
              if(word.equals("")||word==null)
               RequestDispatcher rd =
               getServletContext().getRequestDispatcher("/error/notFound.jsp"); //under?Hello
                rd.forward(req, response);
              else{
              target = "/WEB-INF/jsp/" + myLink;
              // at dSec.jsp id is link, so you can't use userSession.setAttribute("link", target) in here!
             // userSession.setAttribute("place", target);
              RequestDispatcher rd =
               getServletContext().getRequestDispatcher(target);
              rd.forward(req, response);} when I direct call my http://localhost/Hello/servlet/JumpLink?myLink=test1.jsp I get and empty page , not be forward to notFound page, what I did wrong?

• Warning - When Compiling .jsp pages under WEB-INF

  Created a directory jsp under WEB-INF and when i compile the jsp pages i get the following warning message
  Warning: package name web2d_inf._jsp does not match source file name C:\ProviderEnrollment\ProvEnrollView\classes\.jsps\_WEB_2d_INF\_jsp\_searchprovider.java
  Need help
  Thanks

  We have encountered this warning too.
  I'm not an Oracle employee, but it looks like there's a bug in JDev that preserves the case for the output directories but not for the package name that is supposed to correspond to the output directories.
  In any case, we haven't seen any runtime problems that seem to be related to this warning, so you may be safe to disregard it. It does foul up the build log though.
  Any JDev team members watching this topic are welcome to chime in with a confirmation and details of this apparent bug, as well as any workaround that might exist to avoid having the warning appear. Thanks!

• Does JSP best practice of putting under WEB-INF apply to JSF pages?

  I'm new to JSF and wondering if the "best practice" advice that used to be given of storing your jsp pages under WEB-INF (when using Model2) to keep them from being served up without going through your controller still applies with JSF.
  Since the component lifecycle is so different, I'm wondering if it would still apply? If anyone can explain why it might or might not apply I'd appreciate it!
  Thanks!

  The rule is:
  keep all the pages you don�t user to "browse", under the WEB-INF directory.
  MeTitus

• Retrieve JSP page From WEB-INF

  I have query about,
  how to retrieve Jsp page that i have put in WEB-INF director,
  session.setAttributes("Here Vector not String","Value")..
  i want to set value with in vectore using above session attributes, i dont wanto set one attributes but more values in one vectore using session,

  Web pages under WEB-INF can not be accessed directly by the client.
  That is by design.
  However you can forward/include them with the RequestDispatcher, or using <jsp:forward>/<jsp:include>
  I don't understand what the bit setting session attributes is about.

• JAR files under WEB-INF but not in lib directory

  I am working with JDeveloper 10g and I have several jar files under WEB-INF/lib and other under WEB-INF/libEst.
  I have add this libraries to Project properties > Paths and it works fine when I run my aplication in local environment, but it fails when I deploy and run in the server.
  I have configured our deploy file to include these WEB-INF/libEst jar files, but when I deploy to our server, it seems to be that this classes included in these jar files are not reachable and they cannot be loaded and throw a ClassNotFoundException.
  Is it possible to have jar files under any WEB-INF subdirectory distinct of /lib?
  Why is it working in local but not in server?
  If someone can help me to configure this in order to deploy in server, I will be very grateful.
  Thanks a lot,
  Antonio.

  Hi Antonio,
  I think this document is what you are looking for: http://www.oracle.com/technology/tech/java/oc4j/htdocs/how-to-servlet-warmanifest.html
  .. your manifest entries would look like
  Class-Path: WEB-INF/libExt/<jarName1>.jar, WEB-INF/libExt/<jarName2>.jar, ...
  Let me know if this works for you.
  thanks,
  Harsha

• HT2523 What is the difference between Pages and Text Edit? Pros and Cons?

  I just purchased a Macbook Pro, and I am currently exploring its features. I see that it comes with Text Edit, which seems to be its form of Microsoft Word...but I also know that you can purchase "Pages" for the computer. What is the difference? Pros and cons of each? I will be a freshman in college in the fall, so I need something that I can do lots of writing and editing on.

  TextEdit is a simple basic text editor. Far from what MS Word can do. This is Pages:
  http://www.apple.com/iwork/pages/

• PROS and CONS of ArchLinux

  This is a try to summarize the pros and cons of archlinux in one place, to have an overview.
  Keep posts as simple as possible (because it can become easily 4 pages if anyone quotes anyone else to say that this is right or not) --- feel free to add "entries"
  [+] means "PRO", [-] means "CONTRA" and [0] means "only note"
  Summary:
  [+]:  optimized i686-distro
  [+]:  free
  [+]:[pacman]:  Systemupgrade is one command 'pacman -Suy'
  [+]:[pacman]:  Dependency-control
  [+]:[pacman]:  no X needed
  [+]:[abs]:  need to write the building-function only once ... building another version of a package is extremly easy
  [+]:[abs]:  you can build the packages on your machine with one command
  [+]:  up-to-date packages
  [+]:  fully customizable
  [+]:  newbies have to learn some basics to use the power behind a real linux-station ([-] this takes some time :-) )
  [+]:  lilo or grub as bootmanager
  [+]:  the people behind are gentle, motivated and able
  [+]:  big package-repository; slowly but steadily growing --- separated in official, unofficial and unstable
  [+]:  51 games :-)
  [+]:  newest kde, gnome, OpenOffice, Abiword, wine ...
  [+]  It takes less than 20 minutes to get a fully functional system rather than 5+ days like some other distros
  [+]  no internet requied during CD-Installation / no CD-Drive requied during FTP-Installation
  [+]  perfect to learn linux on it
  [0]:[pacman]:  needs fast internet-connection to stay always up-to-date easily
  [0]:  not really popular, because not known
  [0]:  Documentation in developement --- usable
  [-]:  some conflicts because of using the newest libs (gcc 3.3.1 ...)

  sarah31 wrote:
  beniro wrote:
  dp wrote:
  [+]: lack of newbie-not-friendly features
  because if you are a linux-newbie, i hope you want to learn something about it
  Well put, dp.  I fell in love with Arch for this very reason.  After spending a couple of weeks on a variety of distros (Redhats 7.3, 8.0, Mandrake 8.1, Libranet 2.2), I found Arch and it ALLOWED me to learn so much more than these other distros.  Arch IS very user-friendly. 
  hmm this would be contrary to your concept of "user-friendly", no?
  [cutcutcut]
  i know alot of people don't want to have to learn anything about their computer or their OS but that is just plain stupid i think. you need to know a little something about most other tools you use in order to use them properly and safely. point and click is like a self hammering hammer .... a waste.
  EDIT: i used to be very opposite of this opinion before i used arch. but being "forced" to learn more has been very helpful for me and others.
  Against my concept of "user-friendly"?  No.  I think that Arch Linux is extremely user-friendly, but not so newbie-friendly.  Arch, as you say, has "forced" me to learn alot, and enabled me to do so by being simple and transparent; things work as they say they do, without to many surprises, but they are not self-explanatory, which is what a newbie requires.
  Now, let me clarify: I wasn't suggesting an actual GUI install.  I think Arch's current install (while imperfect) is much better than, say, Redhat's.  Any user should be able to navigate the menus easily and make the choices that need to be made.  I am against a GUI installer for the forseeable future as well.  I was referring to including an option for HWD (which you say will be included in the future, so scratch that) and an option to install GUIs for sysadmin (like one for pacman, etc.).
  It seems your against this on the basis that it would impede learning a bit...well...Is the Arch Linux goal to educate about Linux?  I mean, I think that it's possible that a better goal might be to spread the USE of Linux, which might be facilitated by including some admin tools.  Only as an option.  People who want to learn will, and people who don't will only become frustrated and abandon ship.
  I would worry more about impeding the spread of what I consider to be an incredibly powerful, flexible computing platform, one that is quite user-friendly and potentially quite newbie-friendly... 
  Okokok...all that being said, I understand exactly what you're saying and can appreciate your view and desire to preserve Arch as "unspoiled" in a certain sense.  Definitely a valid point.
  So, before any of this newbie stuff is truly considered, I think we can all agree that the Docs should be polished to a healthy glow. 
  P.S. Sarah, I though you had retired from the AL team, but I'm glad to see you around the forums just as much as ever! 

• Pros and cons of quicktime movie or YouTube on your website?

  Hello All,
  I want to add a short movie to my website and I have watched the tutorials on adding a quicktime movie and a YouTube movie to your website.
  However, they didn't say what the pros and cons were. Is it better to add a quicktime movie to your site or a link to YouTube.
  How easy or hard is it to add a link to Vimeo?
  Thanks for all your help and suggestions.
  Mike

  Hi Michael,
  The pros of hosting the movie yourself on your .me website is that you have control over the content in your movie; if you put copyrighted music in your video and upload it to youtube and they recognize it (and they usually do) no one will be able to view the video on youtube without being logged in to youtube as you.
  The cons are that if you upload movies to iweb, you'll be using some bandwidth every time someone watches it, and there is a limit to what is include with the mobile me subscription.
  Adding a youtube video embedded in your site is easy. Just use the HTML snippet (or did they update one just for you tube?) and copy the "embed" information from the file on you tube, and paste it in the html window. easy as pie.
  I don't know anything about "Vimeo" but any links are easy if you're leaving your site and sending a clicker to the page with what you want to show. Embedding is easy if they give you embed tools at the site you want to borrow from (like youtube does).

• What are the Pros and Cons while joining tables at DF and Universe level

  Hi Experts,
  I am new to Data federator designer. I need help on the below.
  Could you please let me know the Pros and Cons while joining the source tables in data federator
  And While joining the DF target tables in universe designer.
  Regards,
  Gana

  Hi,
  1. I have created target tables based on source tables with one to one mapping and then join all target tables in universe.
  Ex: Source tables: Infocube text tables, fact tables and 3rd party data base table
  Target tables:Target tables are same as source tables
  --- Yes this is the way to create target Tables  and join them in the universe.These target Tables gives you the flexibility  like in future your requirement is to add one more object based on some calculation which is not possible in the universe so that time you can create  one more column in the target table and do the calculation. at the same time if you are using source table you can not do anything.
  2. Created single target table with all objects of source tables and merged all sources tables data.
  Ex: Source tables: Infocube text tables, fact tables and 3rd party data base table
  Target table: Single table.
  --- This is bit complex structure to merge all tables data in the one target table.in this situation you have to put more efforts and it is more complex.basically this type of target table is useful when you are merging data by multiple source into single  or  creating one target table based on the  union of tables by adding two mapping rules or more and you can not join tables in universe.
  Better approach is first 1. create target tables based on the source tables and join them in the universe.
  Thanks,
  Amit

• Same SID for QA & Prd systems - pros and cons?

  We have the foll systems:
  1. Enterprise Portal 7.0
  2. NWDI 7.0
  3. NW 7.0 (with XECO - Ecommerce)
  4. TREX 7.1
  5. Content Server 6.40
  6. ECC 6.0
  Currently the QA and Prd systems have the same SID and system/instance no, although they are on different hosts.
  We would like to know what are the long term pros and cons for keeping the QA and Prd SIDs the same for all systems.
  We are already making a list, so thought we might as well get more inputs from the community too.
  We already have this arrangement for the past 3 months and have not faced any major issues.
  A couple of cons though:
  1. Cannot use solman as it cannot distinguish between the diff servers with same SID
  2. ABAP transports from QA to Prd have to be manually done (cannot use STMS)
  Thanks
  Prasad

  Hi Manoj,
  Changing the SID of java systems is a very tedious procedure. Hom sys copy is just a part of the SID change...there are a whole lot of configs to be done after that...the task is eq to a new setup of systems
  For once, the efforts put in are huge..you can see there are 5 systems..besides, it will involve coordination from all teams - basis, development, functional, project management.
  Here are a few advantages that we know of:
  1. No efforts reqd to change back to original SID
  2. During disaster recovery, we just have to restore the production database on QA and change the hostname, whereas its not so in case of having diff SIDs
  3. For end-users this will be transparent because they will be using the hostname in the URL which is anyways different
  We have the same SIDs for the past 3 months and have not seen major issues, but we also would like to know from the long term perspective if there are any risks that we have not foreseen...hence we seek help from the community.
  Hope its clear now
  Thanks for your response
  Prasad

• Using CLOB data type - Pros and Cons

  Dear Gurus,
  We are designing a database that will be receiving comments from external data source. These comments are stored as CLOB in the external database. We found that only 1% of incoming data will be larger than 4000 characters and are now evaluating the Pros and Cons of storing only 4000 characters of incoming comments in VARCHAR2 data type or using CLOB data type.
  Some of the concerns brought up during discussion were:
  - having to store CLOBs in separate tablespace;
  - applications, such Toad require changing defaults settings to display CLOBs in the grid. Default value is not to display them;
  - applications that build web page with CLOBs will be struggling to fit 18 thousand chararcters of which 17 thousand are blank lines;
  - cashing CLOBs in memory will consume big chunk of data buffers which will affect performance;
  - to manipulate CLOBs you need PL/SQL anonymous block or procedure;
  - bind variables cannot be assigned CLOB value;
  - dynamic SQL cannot use CLOBs;
  - temp tables don't work very well with CLOBs;
  - fuzzy logic search on CLOBs is ineffective;
  - not all ODBC drivers support Oracle CLOBs
  - UNION, MINUS, INTERSECT don't work with CLOBs
  I have not delt with CLOB data type in the past, so I am hoping to hear from you of any possible issues/hastles we may encounter?

  848428 wrote:
  Dear Gurus,
  We are designing a database that will be receiving comments from external data source. These comments are stored as CLOB in the external database. We found that only 1% of incoming data will be larger than 4000 characters and are now evaluating the Pros and Cons of storing only 4000 characters of incoming comments in VARCHAR2 data type or using CLOB data type.
  Some of the concerns brought up during discussion were:
  - having to store CLOBs in separate tablespace;They can be stored inline too. Depends on requirements.
  - applications, such Toad require changing defaults settings to display CLOBs in the grid. Default value is not to display them;Toad is a developer tool so that shouldn't matter. What should matter is how you display the data to end users etc. but that will depend on the interface. Some can handle CLOBs and others not. Again, it depends on the requirements.
  - applications that build web page with CLOBs will be struggling to fit 18 thousand chararcters of which 17 thousand are blank lines;Why would they struggle? 18,000 characters is only around 18k in file size, that's not that big to a web page.
  - cashing CLOBs in memory will consume big chunk of data buffers which will affect performance;Who's caching them in memory? What are you planning on doing with these CLOBs? There's no real reason they should impact performance any more than anything else, but it depends on your requirements as to how you plan to use them.
  - to manipulate CLOBs you need PL/SQL anonymous block or procedure;You can manipulate CLOBs in SQL too, using the DBMS_LOB package.
  - bind variables cannot be assigned CLOB value;Are you sure?
  - dynamic SQL cannot use CLOBs;Yes it can. 11g supports CLOBs for EXECUTE IMMEDIATE statements and pre 11g you can use the DBMS_SQL package with CLOB's split into a VARCHAR2S structure.
  - temp tables don't work very well with CLOBs;What do you mean "don't work well"?
  - fuzzy logic search on CLOBs is ineffective;Seems like you're pulling information from various sources without context. Again, it depends on your requirements as to how you are going to use the CLOB's
  - not all ODBC drivers support Oracle CLOBs not all, but there are some. Again, it depends what you want to achieve.
  - UNION, MINUS, INTERSECT don't work with CLOBsTrue.
  I have not delt with CLOB data type in the past, so I am hoping to hear from you of any possible issues/hastles we may encounter?You may have more hassle if you "need" to accept more than 4000 characters and you are splitting it into seperate columns or rows, when a CLOB would do it easily.
  It seems as though you are trying to find all the negative aspects of CLOBs and ignoring all the positive aspects, and also ignoring the negative aspects of not using CLOB's.
  Without context you're assumptions are just that, assumptions, so nobody can tell you if it will be right or wrong to use them. CLOB's do have their uses, just as XMLTYPE's have their uses etc. If you're using them for the right reasons then great, but if you're ignoring them for the wrong reasons then you'll suffer.

• Pros and Cons selecting Ext to file Catalog

  I am in a quandry. I bought LR 1. and never had the chance to put anytime to learn how to use it.
  I am starting a new, so just got LR 2.2, and would like to do it the most practical and best way. I use an iMac 10.5, with 350 GB int HD, and have 3 Ext HD's ranging from 350 - 1 TB.
  I only use my int HD just to run apps, everything else I placed them on my Ext HD.
  So my questions is "What are the Pros and Cons placing LR Catalog in an Ext HD?

  >So my questions is "What are the Pros and Cons placing LR Catalog in an Ext HD?
  Since this is a fixed station there are none really except perhaps speed depending on how you connect to it. USB 2 is the slowest solution, followed by firewire 400 then firewire 800 and fastest is eSATA, but I doubt your iMac supports that.

• KM Cache and iView Cache - Pros and Cons

  Hi All,
  Can anyone tell me which Caching mechanism is better - KM Caching or iView Caching ?
  What are the Pros and Cons of KM Caching and iView Caching ? Which type of caching is recommended ?
  Any kind of help is appreciated.
  Regards,
  Adren

  Hi Adren,
  As to my understanding, with Portal Cache, we can achieve the following:
  1. Significant improvement in the interface response time
  2. Unnecessary, additional page generation (re-rendering) is avoided when you call a portal page
  3. Web browser-like caching for server-based, dynamic pages in the Web (such as the BW Application Web)
  Cache monitor to monitor the current status of all active caches in your system landscape. The data displayed in the cache monitor can be used for evaluations
  KM cache might eb better than Iview cache.
  Please check the below links we might get soem info about the type of cache which is preferable.
  http://help.sap.com/saphelp_nw04s/helpdata/en/1d/33863c68bebc2ce10000000a114027/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/57/29e334d0049967e10000009b38f83b/frameset.htm
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b52de690-0201-0010-c5a6-b4bde0a12e44
  Hope this helps you.
  Good Luck!
  Regards,
  Shaila...