I know we can deploy Grails application with .war file, just like in this wiki : http://grails.org/Deployment but the view files (the .gsp files) is still on a plain text. I want to protect my .gsp code, any suggestion?
Asked
Active
Viewed 191 times
1 Answers
1
How do you mean protect, do you want to make sure that users can't see the GSP code? That's not possible, just like for JSPs, since the server won't send down source code to the browser, only rendered output from GSPs/JSPs.
If you want to guard access to particular GSP URLs, use http://grails.org/plugin/spring-security-core or http://grails.org/plugin/shiro
Burt Beckwith
- 75,342
- 5
- 143
- 156
-
i mean if i sell my web application to my customer and deploy to their server, my customer still can edit the .gsp file – Julius Prayogo Oct 01 '13 at 13:40
-
Sure, but GSPs are precompiled when you build the WAR, so unless you enable GSP reloading (the default is off) then their changes wouldn't take effect. – Burt Beckwith Oct 01 '13 at 14:33
-
You are right even if i delete the views folder the application is still work fine. So, which file is actually read by the server? – Julius Prayogo Oct 02 '13 at 09:42
-
They're compiled classes, so they're under `WEB-INF/classes` and the class names all start with "gsp_" – Burt Beckwith Oct 02 '13 at 19:16
-
Sorry to come to this late, but this is of particular interest at the moment. Is there a build parameter when building the war to skip the views folder? – David Brown Dec 30 '14 at 15:42
-
To answer my own comment, this post provides the solution : http://stackoverflow.com/questions/10168179/deleting-plugins-views-gsp-when-building-the-war – David Brown Dec 30 '14 at 15:45