2 Replies Latest reply on Apr 19, 2010 8:33 AM by Adrian Mitev

    Tomcat Shows xhtml Source Code in JPA Example

    Antonio Vlay Newbie

      Hi,
      when running the JPA example in plain Tomcat 6.0, you can get the source code of xhtml files.
      For example, if you open:
      http://localhost:8080/jboss-seam-jpa/main.xhtml


      you get the whole source code for main.xhtml. I think this is a security risk.
      Is there a way to prevent this behaviour?


      Thanks,
      Antonio

        • 1. Re: Tomcat Shows xhtml Source Code in JPA Example
          Antonio Vlay Newbie

          I managed to fix this by taking a look at the wiki example.
          The following lines should be added to web.xml:




             <servlet-mapping>              
                  <servlet-name>Faces Servlet</servlet-name>              
                  <url-pattern>*.seam</url-pattern>        
              </servlet-mapping>
          
              <security-constraint>
                  <display-name>Restrict raw XHTML Documents</display-name>
                  <web-resource-collection>
                      <web-resource-name>XHTML</web-resource-name>
                      <url-pattern>*.xhtml</url-pattern>
                  </web-resource-collection>
                  <auth-constraint>
                      <role-name>NONE</role-name>
                  </auth-constraint>
              </security-constraint>



          Regards,
          Antonio