views:

900

answers:

2

I'm new to Icefaces and Facelets both, but I'm using them on a new project. I've got everything working configured and working fine. However, when I visit mywebapp/file.xhtml, the entire facelets template source comes up in my browser. How could I hide this to prevent users from viewing my server-side templates?

+1  A: 

In the web.xml should be an entry which let you configure the behaviour of xhtml templates (show/hide..)

If you move the .jsp files to the WEB-INF folder (you have to reconfigure the jsp path for JSF), you can't access them by URL. Every J2EE-Server/Webcontainer I know act this way.

Another way is an self written servlet filter etc.

But, why do you want to hide your templates?

Martin K.
+3  A: 

Put all templates into WEB-INF/someDirectory/templates.

Then according to the facelets documentation put this inside your web.xml for all other xhtml files:

<security-constraint>
 <display-name>Restrict XHTML Documents</display-name>
 <web-resource-collection>
  <web-resource-name>XHTML</web-resource-name>
  <url-pattern>*.xhtml</url-pattern>
 </web-resource-collection>
 <auth-constraint>
  <description>Only Let 'developer's access XHTML pages</description>
  <role-name>someone</role-name>
 </auth-constraint>
</security-constraint>
Steel Plume