we have application deployed over wildfly 8.1 . All works fine for jsps , but whenever I put a slash , browser shows source code of jsp. This is an issue from security.
Can I handle this at wildfly or undertow configuration level .
For example :
localhost:8080/TaskManager/login.jsp/ - show jsp source code
localhost:8080/TaskManager/login.jsp - works perfect
One solution I am aware of is to put all my jsp inside WEB-INF , but I am looking to handle it at server level.
If it possible , if yes how ? Please help
Thanks, Abhinav
Asked same question at https://developer.jboss.org/message/927301#927301 but didn't get any response yet.
This seems to be a serious issue in the Undertow (web subsystem in the WildFly) - I've reported it in the WildFly issue tracker: WFLY-4595