tags:

views:

52

answers:

2

Hello, our current web application URL reveals the class package structure to the end user. This is because in web.xml the servlet mapping tag is as follows: Servlet_ name /servlet/com.xxx.yyy.ClassName

Is there any way by which I can hide the package structure, i.e. com.xxx.yyy.ClassName to just ClassName?

Thanks Sameer

A: 

Yes. Fix your web.xml url mappings.

If for some bizarre reason this isn't possible you could add this filter in front to rewrite the urls:

http://tuckey.org/urlrewrite/

Brendan Heywood
+1  A: 

This is recognizable as an old and vulnerable feature of Tomcat's built-in InvokerServlet. To fix this, disable it in Tomcat's /conf/web.xml by removing or commenting out the <servlet> and <servlet-mapping> entries associated with <servlet-name>invoker</servlet-name>.

This was a security hole in the ancient Tomcat versions and was fixed in Tomcat 5 and upwards, where it has been deprecated and disabled by default. It will be removed in Tomcat 7.

You need to explicitly define all of the servlets in the webapp's web.xml yourself, along with a decent url-pattern. If you have quite a lot of servlets, consider the Front Controller Pattern, i.e. just one servlet which delegates and executes the desired business logic based on, among other things, the request method, request URI, request pathinfo and so on.

BalusC
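
A defender-side check for the two issues this thread describes, as an added example that is not part of either answer: it parses a web.xml and reports active InvokerServlet declarations, mappings bound to them, and url-patterns that embed a package-qualified class name. The sample descriptor, function names and finding labels are constructed for illustration, and the class-name match is a heuristic.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample descriptor, not taken from the question.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet>
    <servlet-name>invoker</servlet-name>
    <servlet-class>org.apache.catalina.servlets.InvokerServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>report</servlet-name>
    <url-pattern>/servlet/com.example.web.ReportServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>orders</servlet-name>
    <url-pattern>/orders/*</url-pattern>
  </servlet-mapping>
</web-app>"""

INVOKER_CLASS = "org.apache.catalina.servlets.InvokerServlet"
# Heuristic: a path segment shaped like a qualified Java class name
# (lowercase dotted packages, then a capitalised class name).
FQCN_SEGMENT = re.compile(r"(?:^|/)(?:[a-z_]\w*\.)+[A-Z]\w*(?:$|/)")

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any

def _children(elem, name):
    return [(c.text or "").strip() for c in elem if _local(c.tag) == name]

def audit_web_xml(xml_text):
    """Return sorted (kind, detail) findings; commented-out entries are ignored."""
    elems = list(ET.fromstring(xml_text).iter())
    invokers = {n for e in elems if _local(e.tag) == "servlet"
                and INVOKER_CLASS in _children(e, "servlet-class")
                for n in _children(e, "servlet-name")}
    findings = {("invoker-servlet", n) for n in invokers}
    for e in (e for e in elems if _local(e.tag) == "servlet-mapping"):
        mapped_to_invoker = invokers & set(_children(e, "servlet-name"))
        for pattern in _children(e, "url-pattern"):
            if mapped_to_invoker:
                findings.add(("invoker-mapping", pattern))
            if FQCN_SEGMENT.search(pattern):
                findings.add(("package-in-url", pattern))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit_web_xml(SAMPLE_WEB_XML):
        print(f"{kind}: {detail}")
```

Run it against both Tomcat's global conf/web.xml and the webapp's own WEB-INF/web.xml, since the invoker entries and the application mappings usually live in different files.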