****关于WEB-INF目录与 web.xml 的问题。 http://localhost/JSPweb/WEB-INF/classes/aaa.txt可以访问?你怎么设置的啊你 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 从tomcat/config 目录下复制的web.xml,放到虚拟目录的WEB-INF目录下,去除注释的:<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"><web-app> <servlet> <servlet-name>default</servlet-name> <servlet-class> org.apache.catalina.servlets.DefaultServlet </servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet> <servlet-name>invoker</servlet-name> <servlet-class> org.apache.catalina.servlets.InvokerServlet </servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <load-on-startup>2</load-on-startup> </servlet> <servlet> <servlet-name>jsp</servlet-name> <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> <init-param> <param-name>fork</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>xpoweredBy</param-name> <param-value>false</param-value> </init-param> <load-on-startup>3</load-on-startup> </servlet> <!-- The mapping for the default servlet --> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <!-- The mapping for the invoker servlet --><!----> <servlet-mapping> <servlet-name>invoker</servlet-name> <url-pattern>/servlet/*</url-pattern> </servlet-mapping> <!-- The mapping for the JSP servlet --> <servlet-mapping> <servlet-name>jsp</servlet-name> <url-pattern>*.jsp</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>jsp</servlet-name> <url-pattern>*.jspx</url-pattern> </servlet-mapping> <!-- ==================== Default Session Configuration ================= --> <!-- You can set the default session timeout (in minutes) for all newly --> <!-- created sessions by modifying the value below. --> <session-config> <session-timeout>30</session-timeout> </session-config> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> </welcome-file-list></web-app> 你完全没有必要复制完全的一份放到你的虚拟目录中的。你需要的仅仅是其中的一部分功能,然后你就配置你需要的那部分就可以了。从tomcat/config 目录下复制的web.xml,放到虚拟目录的WEB-INF目录下,去除注释的:<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"><web-app> <servlet> <servlet-name>default</servlet-name> <servlet-class> org.apache.catalina.servlets.DefaultServlet </servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet><session-config> <session-timeout>30</session-timeout> </session-config> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> </welcome-file-list>这样就可以了,如果你有需要配置的servlet,那么你就在自己手工的配置就可以了。 哪段代码设置能保证 WEB-INF/ 目录不能被 http 访问呢?我设的web.xml无效,总是能访问到WEB-INF/ 目录下的文件,包括 .class 。 首先,tomcat默认的访问端口是8080,而你是通过http的默认端口80来访问的,说明你整合了其他的http服务器,有可能是整合的配置有问题。如果你没有整合其他的http服务器,而是修改的tomcat的监听端口,那么把监听端口改成8080再试试,如果还是不行说明你的tomcat出了问题,重装tomcat即可! 我想知道Tomcat是通过什么手段(哪个类)将 WEB-INF/ 目录设置(定义)为禁止访问的。 8080 或 80 .这不是问题所在。端口配置我清楚。也不会是跟IIS冲突。我就是想知道Tomcat是通过什么原理(哪个类)将 WEB-INF/ 目录设置(定义)为禁止访问的。 tomcat通过多种方式来禁止访问 web-inf/有兴趣可以下载tomcat的源代码研究。例如:org.apache.catalina.core.StandardContextValve : // Disallow any direct access to resources under WEB-INF or META-INF HttpRequest hreq = (HttpRequest) request; MessageBytes requestPathMB = hreq.getRequestPathMB(); if ((requestPathMB.startsWithIgnoreCase("/META-INF/", 0)) || (requestPathMB.equalsIgnoreCase("/META-INF")) || (requestPathMB.startsWithIgnoreCase("/WEB-INF/", 0)) || (requestPathMB.equalsIgnoreCase("/WEB-INF"))) { String requestURI = hreq.getDecodedRequestURI(); notFound(requestURI, (HttpServletResponse) response.getResponse()); return; }org.apache.ajp.tomcat4.config.ApacheConfig : // Deny serving any files from WEB-INF mod_jk.println(); mod_jk.println(indent + "# Deny direct access to WEB-INF and META-INF"); mod_jk.println(indent + "#"); mod_jk.println(indent + "<Location \"" + ctxPath + "/WEB-INF/*\">"); mod_jk.println(indent + " AllowOverride None"); mod_jk.println(indent + " deny from all"); mod_jk.println(indent + "</Location>"); http://localhost:8080/jsp/tutorial/servlet/WEB-INF/a.txt我的一样可以访问 java调用php,并获得一个返回值。 AJAX 传递数据怎么样才可以是 json 关于产品开发中代码管理的问题 iframe 传参问题(传的是对象) 自定义标签问题(高手请进) session,变量,刷新的问题 怎么会有90多个java进程? 如何处理用户登陆页面 求助:Mysql数据库连接异常 servlet使用RequestDispatcher到jsp页面,浏览器url栏还是servlet 关于媒体播放的问题(jsp文件播放) 出错拉~~!数据库错误
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app> <servlet>
<servlet-name>default</servlet-name>
<servlet-class>
org.apache.catalina.servlets.DefaultServlet
</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet> <servlet>
<servlet-name>invoker</servlet-name>
<servlet-class>
org.apache.catalina.servlets.InvokerServlet
</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>jsp</servlet-name>
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
<init-param>
<param-name>fork</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>xpoweredBy</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>3</load-on-startup>
</servlet> <!-- The mapping for the default servlet -->
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping> <!-- The mapping for the invoker servlet -->
<!---->
<servlet-mapping>
<servlet-name>invoker</servlet-name>
<url-pattern>/servlet/*</url-pattern>
</servlet-mapping>
<!-- The mapping for the JSP servlet -->
<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping> <servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jspx</url-pattern>
</servlet-mapping>
<!-- ==================== Default Session Configuration ================= -->
<!-- You can set the default session timeout (in minutes) for all newly -->
<!-- created sessions by modifying the value below. --> <session-config>
<session-timeout>30</session-timeout>
</session-config> <welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list></web-app>
你需要的仅仅是其中的一部分功能,然后你就配置你需要的那部分就可以了。
从tomcat/config 目录下复制的web.xml,放到虚拟目录的WEB-INF目录下,去除注释的:<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app> <servlet>
<servlet-name>default</servlet-name>
<servlet-class>
org.apache.catalina.servlets.DefaultServlet
</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<session-config>
<session-timeout>30</session-timeout>
</session-config> <welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
这样就可以了,如果你有需要配置的servlet,那么你就在自己手工的配置就可以了。
我设的web.xml无效,总是能访问到WEB-INF/ 目录下的文件,包括 .class 。
这不是问题所在。端口配置我清楚。
也不会是跟IIS冲突。
我就是想知道Tomcat是通过什么原理(哪个类)将 WEB-INF/ 目录设置(定义)为禁止访问的。
有兴趣可以下载tomcat的源代码研究。
例如:
org.apache.catalina.core.StandardContextValve :
// Disallow any direct access to resources under WEB-INF or META-INF
HttpRequest hreq = (HttpRequest) request;
MessageBytes requestPathMB = hreq.getRequestPathMB();
if ((requestPathMB.startsWithIgnoreCase("/META-INF/", 0))
|| (requestPathMB.equalsIgnoreCase("/META-INF"))
|| (requestPathMB.startsWithIgnoreCase("/WEB-INF/", 0))
|| (requestPathMB.equalsIgnoreCase("/WEB-INF"))) {
String requestURI = hreq.getDecodedRequestURI();
notFound(requestURI, (HttpServletResponse) response.getResponse());
return;
}
org.apache.ajp.tomcat4.config.ApacheConfig :
// Deny serving any files from WEB-INF
mod_jk.println();
mod_jk.println(indent +
"# Deny direct access to WEB-INF and META-INF");
mod_jk.println(indent + "#");
mod_jk.println(indent + "<Location \"" + ctxPath + "/WEB-INF/*\">");
mod_jk.println(indent + " AllowOverride None");
mod_jk.println(indent + " deny from all");
mod_jk.println(indent + "</Location>");
我的一样可以访问