When publishing a Web Application project in WebLogic, in order to protect JSP files to avoid unauthorized access and peep, you can use WebLogic.JSPC to bring JSP file precompile to servlet files, put it in a web-inf / class. Based on servlet declaration, Web-INF is not part of a public document tree for web applications. Thus, the resources under the web-infers are not directly serving customers, so that JSP can be guaranteed to a certain extent.
The specific implementation steps are as follows (WebLogic for Linux):
1, compile the JSP file with WebLogic.jspc
(1) In the working directory under Linux, create the following shell file, the file name is jspc.sh
#! / bin / sh
Java_Home = / OPT / IBMJAVA2-131
WBL_LIB = / U11 / BEA / WLSERVER6.1 / LIB / WebLogic.jar
Classpath = $ {java_home} / lib:.: $ {Wbl_lib}
Target_dir = .. / MOFA / Web-INF / CLASS # This is the depository of the JSP compiled servlet file
Webapp_dir = .. / Mofa # This is the directory you want to publish the web application
$ {Java_home} / bin / java -classpath $ {classpath} WebLogic.jspc -k -g -compileAll -d $ {target_dir} -Webapp $ {webapp_dir}
The part of the blue font above is to modify it according to the user's own configuration.
(2) Set the executable properties of the JSPC.SH file
# chmod x jspc.sh
(3) In the current directory, execute the jspc.sh file, perform the compilation of the JSP file, compile the class file, should be in the web-inf / class / jsp_servlet directory.
2. After success, remove all JSP or remove all JSP from the directory of Web Application.
3, edit the WebLogic.xml file, empty the contents of the JSP-Descriptor tag, add the following:
4, edit the web.xml file, add the following:
5. Release this Web Application on WebLogic.
6, access the corresponding JSP file, if you can access success, explain that the entire process has no problem
the above
Benefits: Wang Junling
Date: March 7, 2005
