how to block web-inf from http GET - wildfly 20 exploded


I deployed an exploded app in wildfly 20 standalone, pretty much default. I can go to:

https://localhost/WEB-INF/web.xml

and it shows me the file, and anything else at all under the root. I even have a line in web.xml like this:

<!-- Maps accessFilter to every URL of this web application. A filter only
     runs for requests the servlet container dispatches into this deployment,
     so a response produced without the filter being invoked was presumably
     not served through the deployment at all (verify which handler or
     front-end server answered the request). -->
<filter-mapping>
    <filter-name>accessFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

and my accessFilter class is not even being called on the GET for files in WEB-INF.

Any idea what we missed? Full web.xml below

Thank you!

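<?xml version="1.0" encoding="UTF-8"?>
<!--
    Deployment descriptor for "App 1" (Servlet 3.1): a Spring context, the JSF
    FacesServlet, a Spring DispatcherServlet and an application-wide access filter.

    * The Java EE 7 namespace is declared as the default namespace so that the
      unprefixed elements below are in the namespace web-app_3_1.xsd defines
      and version="3.1" matches the schema.
    * contextConfigLocation is declared once; context parameter names must be
      unique within a descriptor.
    * A servlet container must not serve /WEB-INF/ content directly, and a
      filter mapped to /* runs for every request dispatched into this
      application. If /WEB-INF/web.xml is returned to a browser and
      accessFilter never runs, the request is presumably answered outside this
      deployment (for example by a static file handler or front-end server
      whose document root is the exploded directory). Verify the server and
      proxy configuration: nothing in this file can block a request that never
      reaches the application.
-->
<web-app version="3.1"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
    <display-name>App 1</display-name>

    <!-- Spring root application context, read by ContextLoaderListener. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml</param-value>
    </context-param>

    <!-- NOTE(review): Development stage and a refresh period of 0 are
         development settings; Development stage typically renders detailed
         error output. Use Production on any instance that is reachable by
         others. -->
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <context-param>
        <param-name>javax.faces.FACELETS_REFRESH_PERIOD</param-name>
        <param-value>0</param-value>
    </context-param>
    <context-param>
        <param-name>org.apache.myfaces.SERIALIZE_STATE_IN_SESSION</param-name>
        <param-value>false</param-value>
    </context-param>
    <context-param>
        <param-name>org.apache.myfaces.STRICT_JSF_2_FACELETS_COMPATIBILITY</param-name>
        <param-value>true</param-value>
    </context-param>
    <!-- PARTIAL_STATE_SAVING=false will cause error on mojarra 2.1.29-01 and
         higher -->
    <context-param>
        <param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
        <param-value>true</param-value>
    </context-param>
    <!-- View state is kept on the server rather than sent to the client. -->
    <context-param>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>server</param-value>
    </context-param>
    <context-param>
        <param-name>javax.faces.VALIDATE_EMPTY_FIELDS</param-name>
        <param-value>false</param-value>
    </context-param>
    <context-param>
        <param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
        <param-value>true</param-value>
    </context-param>

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
    </listener>

    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
        <!-- Uploads are capped at 52428800 bytes (50 MiB) per file and per
             request; a threshold of 0 means uploaded parts are written to disk. -->
        <multipart-config>
            <max-file-size>52428800</max-file-size>
            <max-request-size>52428800</max-request-size>
            <file-size-threshold>0</file-size-threshold>
        </multipart-config>
    </servlet>
    <servlet>
        <servlet-name>aaa</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.faces</url-pattern>
        <url-pattern>*.xhtml</url-pattern>
        <url-pattern>*.jspx</url-pattern>
        <url-pattern>*.jsf</url-pattern>
        <!-- NOTE(review): the Servlet specification treats a pattern that
             starts with neither "/" nor "*." as an exact match only; confirm
             this mapping behaves as intended. -->
        <url-pattern>*/javax.faces.resource/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>aaa</servlet-name>
        <url-pattern>*.htm</url-pattern>
    </servlet-mapping>

    <mime-mapping>
        <extension>png</extension>
        <mime-type>image/png</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>xhtml</extension>
        <mime-type>application/xhtml+xml</mime-type>
    </mime-mapping>

    <!-- Access filter applied to every URL dispatched into this application.
         No dispatcher element is given, so it covers direct client requests
         only, not internal forwards or includes. -->
    <filter>
        <filter-name>accessFilter</filter-name>
        <filter-class>com.aaa.webapp.AccessFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>accessFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <jsp-config>
        <taglib>
            <taglib-uri>http://jakarta.apache.org/taglibs/unstandard-1.0</taglib-uri>
            <taglib-location>/WEB-INF/unstandard.tld</taglib-location>
        </taglib>
    </jsp-config>

    <!-- Sessions expire after 30 minutes and are tracked by cookie only.
         NOTE(review): since the whole application requires HTTPS, consider a
         cookie-config with http-only and secure set to true. -->
    <session-config>
        <session-timeout>30</session-timeout>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>

    <!-- Requires an encrypted transport for every URL. There is no
         auth-constraint, so this enforces HTTPS only; it does not authenticate
         or authorize anyone. Access control is left to accessFilter. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Entire Application</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Any 404 produced inside the application is answered with the login page. -->
    <error-page>
        <error-code>404</error-code>
        <location>/login.htm</location>
    </error-page>
</web-app>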