Tomcat Shows xhtml Source Code in JPA Example

vlay Apr 18, 2010 7:05 PM

Hi,
when running the JPA example in plain Tomcat 6.0, you can get the source code of xhtml files.
For example, if you open:
http://localhost:8080/jboss-seam-jpa/main.xhtml

you get the whole source code for main.xhtml. I think this is a security risk.
Is there a way to prevent this behaviour?

Thanks,
Antonio

1. Re: Tomcat Shows xhtml Source Code in JPA Example

vlay Apr 18, 2010 7:17 PM (in response to vlay)

I managed to fix this by taking a look at the wiki example.
The following lines should be added to web.xml:

   <servlet-mapping>              
        <servlet-name>Faces Servlet</servlet-name>              
        <url-pattern>*.seam</url-pattern>        
    </servlet-mapping>

    <security-constraint>
        <display-name>Restrict raw XHTML Documents</display-name>
        <web-resource-collection>
            <web-resource-name>XHTML</web-resource-name>
            <url-pattern>*.xhtml</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>NONE</role-name>
        </auth-constraint>
    </security-constraint>

Regards,
Antonio

2. Re: Tomcat Shows xhtml Source Code in JPA Example

amitev Apr 19, 2010 8:33 AM (in response to vlay)

Raise an issue in JIRA.
Actions

Go to original post