All geek questions in one place

Apache Tomcat: The requested resource () is unavailable (when using a resource that must be available)

This is my first question here (be careful :)). I searched everywhere and could not find the answer to my problem (also a little embarrassed in this process).

I am using Tomcat 7 and the latest Eclipse IDE for Java EE developers (Eclipse 3.7.2 platform and Java EE IDE 1.4.2). So, I get this error: "The requested resource () is unavailable" when accessing http://127.0.0.1:8080/myTest/WEB-INF/jsp/savename.jsp . I have checked many times that this file is located on disk in the exact folder. I tried running Tomcat inside Eclipse and deploying the exported .war to Tomcat. Each time the same error appears.

My files:

myTest/index.jsp myTest/WEB-INF/html/GetName.html myTest/WEB-INF/jsp/savename.jsp

When I run "http: // localhost / myTest", index.jsp always works correctly. Then i use

 "<jsp:forward page="WEB-INF/html/GetName.html"></jsp:forward>"

inside my index.jsp to go to GetName.html and this also works. The problem occurs in GetName.html:

 <form action='WEB-INF/jsp/savename.jsp' method="post" > What your name? <INPUT TYPE=TEXT NAME=username SIZE=20> <P><INPUT TYPE=SUBMIT> </form>

When I click the submit button on the form, the browser redirects to: http://127.0.0.1:8080/myTest/WEB-INF/jsp/savename.jsp and a tooltip appears.

So, I really don’t understand why this is happening ... By default, Tomcat applications work fine ...

PS I also tried manual file navigation:

 http://127.0.0.1:8080/myTest/WEB-INF/html/GetName.html http://127.0.0.1:8080/myTest/WEB-INF/jsp/savename.jsp

but I also get an error (even when idex.jsp also goes to GetName.html without any problems).

Any help is much appreciated! Thanks!!

+6
source share
1 answer

You cannot directly go to any files / artifacts placed in the WEB-INF directory (also valid for META-INF). This is a security feature of the servlet engine: content in WEB-INF is protected and inaccessible from the outside through URLs. In addition, anyone can read confidential data, such as application / database configuration, etc., Only for the assembly of the corresponding URLs.

The reason the jsp: forward tag can still access files in / in the WEB-INF directory is because forward executes internally on the server, i.e. the request has already arrived at the servlet engine and index.jsp, so the servlet engine has fulfilled its security responsibilities, and now the author, for example, index.jsp, is responsible for deciding which files should be available.

PS
Besides using the "jsp: forward" tags, you can use the include directive (static include), for example.

 <%@ include file="/WEB-INF/dir/file.extension" %>

or an included JSP tag (including dynamic), for example

 <jsp:include page="/WEB-INF/dir/file.extension" />

The differences between these two types of inclusion may be distorted, good results will be, for example, http://java.sun.com/products/jsp/tags/11/syntaxref117.html
http://java.sun.com/products/jsp/tags/11/syntaxref1112.html
http://www.coderanch.com/how-to/java/IncludesActionDirective
http://docs.oracle.com/cd/B14099_17/web.1012/b14014/keydev.htm#i1005631

+4
source

Source: https://habr.com/ru/post/909737/

More articles:


All Articles