velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Jacobson <>
Subject Re: VelocityViewServlet and
Date Thu, 03 Oct 2002 09:36:40 GMT
Anders Lindback wrote:

> Iain Young skrev:
>>Hi Gabe,
>>>all templates are read relative to the root of the web app. There is
>>>currently no way to configure the resource loader differently in
>>> That is maybe something we should add??
>>I think that would be a very useful addition as it's very messy having all
>>of the vm files in the webapp root (the only place where the current vvs
>>will pick them up from), especially as the project I'm working on is likely
>>to have a great number of template files. I guess that alternative paths
>>could be specified in in the same way as the other
>>resource loaders (i.e similar settings to the file loader), and the vvs
>>could read them from there?
> It's a security problem to store the templates files in the webbapp root directory.
> Therefore everyone should create their own servlet anyway. 
> Really wish that it's changed so that the servlet shipped are expecting
> that templates are hidden in a webbapps subdir to WEB-INF for exmple
> web-INF/templates instad as it is now. 
> All webbapps based on todays VelocityServlet are most probably a security hole.

All my VelocityServlets contain the following:

protected Properties loadConfiguration(ServletConfig config )
      throws IOException, FileNotFoundException
	Properties p = new Properties();

	String path = config.getServletContext().getRealPath("/");

	if (path == null)
		path = "/";

	p.setProperty( Velocity.FILE_RESOURCE_LOADER_PATH,  path + "/web/" );
	p.setProperty( "runtime.log", path + "/velocity.log" );

    return p;

Thus, all my .vm files are in <tomcat_path>/webapps/<myApp>/web/


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message