I noticed that applications generated by jHipster serve almost all file content available from the WAR artifact. For example, if there is a file README.MD next to index.html, it can be accessed via http://localhost:8080/README.MD.
The only files that aren't served are those files within the META-INF/ and WEB-INF/ directories.
Where does a jHipster application's source code configure to serve arbitrary files but not files from META-INF/** and META-INF/**?
There is no configuration at all, it's part of the Servlet specification: both of those directories are secured by the servlet container, without doing anything specific.
You might be confused because many people store their files in WEB-INF, for example WEB-INF/jsp/ for the JSP files. People do this to protect those files from being accessed directly, and have a Controller (like a Spring MVC controller or Struts controller) that redirects to those pages once it has processed the request.
JHipster works differently, as it only has static pages that do REST requests to the back-end, so it's a different architecture.
Related
How can I protect my Node JS files to achieve similar behavior to a PHP file case? I would like to defend it to make it unable to download or display the inner content if anyone knows the URL of the file on the server.
Unless your Node.js server serves its own application directory as static files (or if there's a separate web server that expose them), the source code is not accessible.
Unlike with PHP, the JavaScript source code doesn't need to be anywhere near the hierarchy served by a web server.
With OpenCMS version 7.x, is it possible to specify a folder as not requiring cookies to be served with its contents, e.g. images etc that don't need cookies to bloat the request?
This is not an OpenCms feature, you'd have to configure this in your application server.
In a large web application, I'm using requirejs amd modules so that the scripts themselves are modular and maintainable. I have the following directory structure
web
|-src
|-main
|-java
|-resources
|-webapp
|-static
|-scripts
|-styles
|-images
|-static-built //output from r.js. not checked into git
|-WEB-INF
During build js and css are optimized using r.js into static-built folder. Gradle is the build tool.
Now the problem: The jsps refer to the scripts in static/scripts folder and this is how i want when working locally. However when building war, I want the static files to be served from static-built folder. The important thing is the source jsp should not have to change to serve the optimized files from static-built folder.
Two options that I have are: a) the gradle build while making war should include static-built instead of static. b)include static-built in addition to static and using tuckey urlrewrite pick the resouce from static-built rather than static.
What best practices are the community following in similar scenarios?
We've setup the server to have a runtime profile (dev, qa, prod, etc) read from a system property which determines some settings based on it. When running in production profile we serve the optimized files from the WAR. In development we serve the non-minified and non-concatenated files directly from the filesystem outside the application context.
Files are structured according to the official multipage example.
Configuring serving files depends on your chosen backend solution. Here's an example for spring.
Alternatively, r.js can generate source maps and those will help with development as well.
Not sure if this question is outdated already, but I had a kind of similar problem.
I had similar project structure, but with the only difference - I've split the project into 2 modules:
one of them (let's call it service) was java-module for back-end
the second one contained only js and other stuff related to front-end (let's call it ui).
Then in Gradle build 'assemble' task of the service depends on 'assemble' task of ui AND another custom task called 'pre-assemble'. This 'pre-assemble' task was copying the optimized js files to place where I wanted them to be.
So, basically, I've just added another task that was responsible for placing all the optimized js files in the proper place.
I was recommended that I move this question from StackOverflow to here.
I am running a web site on a server with Tomcat and IIS. I use .JSP and Java in the back end.
I don't know how to configure IIS to automatically minify resource files (CSS, JavaScript, images) when using .JSP. I have found a few suggested solutions online, but they all apply to IIS and .ASP.
I added the "compression" tag to this post because there is no "minification" tag available, but I am not referring to gzip compression, but removing white spaces, merging resources for faster download etc.
Could anyone help me figure out how to configure IIS to minify resource files with .JSP? Thank you!
Minification a process which combines multiple CSS or JS files to a single file and perform process of compression(whitespace removal) and obfuscation(JS) is an ideal build time solution, rather than a run time solution. While using Tomcat with IIS, it will be good to have some thing like this:
Use WRO4J as a maven build time plugin. Create an attribute like
devmode=true or false. In JSP's have if else condition to define
groups to add multiple CSS/JS or Single based on the devmode value.
While deploying use devmode = false. This with maven configuration will compile JSP with single CSS/JS files.
In IIS, configure a separate VD and map your static resources of war to it. Write a rewrite rule to instruct IIS to serve the static resources. Enable static compression.
The above said configuration will take less load on the CPU.
Some links of interest could be:
https://code.google.com/p/wro4j/wiki/MavenPlugin
Unobtrusive way to combine and compress javascript/css for java/spring/maven applications?
I use Geronimo with J2EE 5 and Tomcat 6 and I'm trying to create one simple page using JSF. I put the tag library files myfaces_core.tld and myfaces_html.tld in WEB-INF and it works, but just on Windows. Under Linux I got IOException with an unknown reason when I was deploying the WAR. To remove the two tag library files made the deploy possible. But then I got an error when I was opening the page in browser. It was missing the file WEB-INF/myfaces_html.tld, which is specified in the header of JSP file. In examples for MyFaces there is used not MyFaces TLD, but common Sun Java TLD. I have overwritten the URI WEB-INF/myfaces_html.tld to http://java.sun.com/jsf/html ant now I'm getting the error The absolute uri: http://java.sun.com/jsf/html cannot be resolved in either web.xml or the jar files deployed with this application.
I'm lost now. Must I or must I not put the tag library description files into my WAR to use JSF components? These files are already contained in MyFaces JARs in Geronimo Container, aren't? The container must have the same behavior regardless to platform or it needn't? What shall I do to create my simple application really platform independent?
You should not be extracting JAR files of 3rd party tag libraries and placing its loose TLD files in the /WEB-INF folder. The TLD files should be kept in the JAR files where they originate and the JAR files should be untouched and just be dropped in the runtime classpath. Whatever book/tutorial/forum is suggesting otherwise should be blacklisted.
Cleanup your project structure to get rid of those loose TLD files and undo every change related to this, for sure also in the web.xml, if any.
Your /WEB-INF/lib folder should contain just two files in order to get JSF to run on Tomcat 6: one file representing the abstract API and other representing the concrete implementation. As you've apparently chosen to use MyFaces, it'll be those two JAR files (probably with a version number at end of filename, that depends):
myfaces-api.jar
myfaces-impl.jar
Drop them in /WEB-INF/lib folder which is part of the webapp's default runtime classpath. That's all. Next step would be declaring and mapping the FacesServlet in your webapp's web.xml.
Ensure that you're reading the proper book/tutorial.