public class UploadServlet3 extends HttpServlet {    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {        doGet(request, response);    }    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {        //检测form是否是multipart/form-data类型的        boolean isMultipart = ServletFileUpload.isMultipartContent(request);        if (!isMultipart) {            throw new RuntimeException("The form's enctype attribute value must be multipart/form-data");        }        //解析请求内容        DiskFileItemFactory factory = new DiskFileItemFactory();    //产生FileItem的工厂        ServletFileUpload sfu = new ServletFileUpload(factory);        List<FileItem> items = new ArrayList<FileItem>();        try {            items = sfu.parseRequest(request);        } catch (FileUploadException e) {            throw new RuntimeException("解析请求失败");        }        //遍历:        for (FileItem item : items) {            //处理普通字段            if (item.isFormField()) {                processFormField(item);            } else {                //处理上传字段                processUploadField(item);            }        }    }    protected void processUploadField(FileItem item) {        try {            InputStream in = item.getInputStream();            //找一个存放文件的位置;存放的文件名            String fileName = item.getName();   //上传的文件的文件名            if (fileName != null) {                fileName = FilenameUtils.getName(fileName);            }其中：        //存放路径        String realPath = getServletContext().getRealPath("/WEB-INF/files");        在部署到tomcat中后，并没有发现上传后的文件在WEB-INF目录下，这样不就不能保证服务器端的安全吗？反而是在项目根目录下发现的。