When using Facelets it is normal to use XHTML files to describe the view. Also in your web.xml configuration mostly you find a mapping of the FacesServlet to something like “/faces/*” or “*.faces”, so that you have URLs like:
Now, it is easy to view the source code of the page, when the application is written with Facelets’ XHTML files. Just do the following:
You now see the page structure, what libraries are used etc. This type of “Open source” you definitely want to avoid, when using Facelets. You could write a security filter or something similar, but the soultion could be really really simple.
Use the following servlet-mapping in your web.xml:
... <servlet-mapping> <servlet-name>faces</servlet-name> <url-pattern>*.xhtml</url-pattern> </servlet-mapping> ...
No more “Open Source” of your Facelets application 😉