Reputation: 32081
Jetty automatically loads JSP support, how can that be turned off?
In my logs I see the following when Jetty starts:
+-WebAppContext@560c3014@560c3014/,file:/C:/MyProjects/ProxyServer/PrepayProxyWebsiteJetty/webapps/root/,webapps/root started
+-{org.apache.catalina.jsp_classpath=C:\MyProjects\ProxyServer\PrepayProxyWebsiteJetty\webapps\root\WEB-INF\classes, javax.servlet.context.tempdir=C:\Users\davidparks21\AppData\Local\Temp\jetty-0.0.0.0-80-root-_-any-}
+-{org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher=WebApplicationContext for namespace 'dispatcher-servlet': startup date [Tue Nov 09 14:38:47 ICT 2010]; parent: Root WebApplicationContext, org.springframework.web.context.support.ServletContextScope=org.springframework.web.context.support.ServletContextScope@3ab6f7f5, org.springframework.web.context.WebApplicationContext.ROOT=Root WebApplicationContext: startup date [Tue Nov 09 14:38:46 ICT 2010]; root of context hierarchy}
+-SessionHandler@6f7918f0 started
+-ConstraintSecurityHandler@47f08ed8 started
+-[]
+-/={TRACE={RoleInfo,F,C[]}}
+-ServletHandler@77546dbc started
+-[/*]/[]==0=>springSecurityFilterChain{}
+-[/]=>default{resourceCache=resourceCache, maxCacheSize=256000000, dirAllowed=true, gzip=true, maxCachedFileSize=10000000, redirectWelcome=false, acceptRanges=true, welcomeServlets=false, aliases=false, useFileMappedBuffer=true, maxCachedFiles=2048}
+-[*.jsp, *.jspf, *.jspx, *.xsp, *.JSP, *.JSPF, *.JSPX, *.XSP]=>jsp{logVerbosityLevel=DEBUG, fork=false, com.sun.appserv.jsp.classpath=<list_removed>, xpoweredBy=false, scratchdir=C:\Users\davidparks21\AppData\Local\Temp\jetty-0.0.0.0-80-root-_-any-\jsp}
+-[/]=>dispatcher{}
In my webapps web.xml I defined springSecurityFilterChain() and dispatcher(), but I did not define default and jsp.
It appears that JSP support is on by default, this should not be, I use velocity. Is there a way to disable this?
Also I see that there is a default which has dirAllowed=true, that makes me nervous, should it not be there?
My web.xml:
<?xml version="1.0" encoding="utf-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<!-- ~~~~~~~~~~~~~~~ SPRING DISPATCHER SERVLET ~~~~~~~~~~~~~~~ -->
<!-- Allows Spring to handle all web requests -->
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- ~~~~~~~~~~~~~~~ SPRING SECURITY HOOK ~~~~~~~~~~~~~~~ -->
<!-- All web requests go through security validation -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- ~~~~~~~~~~~~~~~ BEAN SCOPES FOR WEB ~~~~~~~~~~~~~~~ -->
<!-- Adds support for scoping beans as: 'request', 'session', and 'global session' -->
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
</web-app>
Upvotes: 2
Views: 1589
Answers (1)
Reputation: 100133
In Jetty 7.1.2, JSP support will be on if the classes in lib/jsp are in Jetty's classpath, and off otherwise. The OPTIONS=jsp argument to start.jar just controls their presence in the classpath.
Another option to disable JSP support comes from the mailing list. Essentially, the default descriptor for each deployed web app contains a JSP/Servlet mapping. If JSP is not required, then disable it for a given context by setting the setDefaultsDescriptor to null. For example:
WebAppContext wac = new WebAppContext();
wac.setDefaultsDescriptor( null );
See the WebAppContext documentation for details.
Upvotes: 1
Related Questions
- Spring Boot with Jetty: disable o.a.tomcat.util.scan.StandardJarScanner
- How to enable JSP in a Jetty server in a JAR file?
- spring boot starts by jetty instead of tomcat, what things to do?
- How to stop Jetty server from eclipse
- How do I tell Spring Boot to ignore Jetty and always use Tomcat?
- Missing JSP support in Jetty, or confusing log message?
- Embedded jetty webserver JSP support not configured
- Disable web app auto-reloading in standalone Jetty server
- Execute JSP with Jetty 7.3 without javac
- Disable JSP servlet in Jetty