One Day Sec

Where are compiled JSP files stored in Zimbra, and how can I enumerate them for vulnerability analysis?

After a JSP file is accessed, Zimbra compiles it into a `.java` file stored under `/opt/zimbra/jetty_base/work/zimbra/jsp/org/apache/jsp/`. You can enumerate all registered `JspServletWrapper` instances using reflection on the request object, as shown in the article’s JSP code example. This technique leverages the `ConcurrentHashMap` that holds the compiled JSP wrappers and is useful for understanding the Jetty framework’s behavior. For related environment setups, see Setting Up VMware vCenter Server Vulnerability Debugging Environment.
Tags: JSP compilation, Jetty, JspServletWrapper, reflection, ConcurrentHashMap, Zimbra
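
A filesystem-side complement to the answer above, as an added example that is not code from the article or from Zimbra: it walks a JSP work directory, maps each generated `*_jsp.java` file back to its webapp-relative JSP path, and lists compiled JSPs whose source is no longer present, which is worth reviewing during incident response. It goes beyond the answer by decoding file names; the decoding rules (`_XXXX` hex escapes, `.` written as `_`, a trailing `_` on directories named like Java keywords) are assumed to match the Jasper version in use, and the function names, the `webapp_root` parameter and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Java reserved words: Jasper appends "_" to a directory named like one (public -> public_).
JAVA_KEYWORDS = set("""abstract assert boolean break byte case catch char class const
continue default do double else enum extends final finally float for goto if implements
import instanceof int interface long native new package private protected public return
short static strictfp super switch synchronized this throw throws transient try void
volatile while""".split())

_ESCAPE = re.compile(r"_([0-9a-f]{4})|_")

def _decode(segment: str) -> str:
    # "_XXXX" is a hex-escaped character; a bare "_" stood for "." in the original name.
    # Best effort: a name such as "a.face.jsp" is ambiguous after translation.
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)) if m.group(1) else ".", segment)

def jsp_path_for(generated: Path, work_dir: Path) -> str:
    """Map a generated *_jsp.java file back to the webapp-relative JSP path."""
    *dirs, name = generated.relative_to(work_dir).with_suffix("").parts
    dirs = [d[:-1] if d.endswith("_") and d[:-1] in JAVA_KEYWORDS else d for d in dirs]
    return "/".join(_decode(s) for s in [*dirs, name])

def orphaned_jsps(work_dir: Path, webapp_root: Path) -> list[str]:
    """JSPs that were compiled but whose source is no longer under webapp_root."""
    compiled = sorted(jsp_path_for(p, work_dir) for p in work_dir.rglob("*_jsp.java"))
    return [j for j in compiled if not (webapp_root / j).is_file()]

def build_constructed_sample(base: Path) -> tuple[Path, Path]:
    """Constructed sample tree (not real Zimbra data) so the example runs offline."""
    work, webapp = base / "work", base / "webapp"
    for rel in ("public_/login_jsp.java", "h/search_002dview_jsp.java", "tmp_005fx_jsp.java"):
        (work / rel).parent.mkdir(parents=True, exist_ok=True)
        (work / rel).write_text("// generated servlet source\n")
    for rel in ("public/login.jsp", "h/search-view.jsp"):
        (webapp / rel).parent.mkdir(parents=True, exist_ok=True)
        (webapp / rel).write_text("<%-- jsp --%>\n")
    return work, webapp

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        work, webapp = build_constructed_sample(Path(tmp))
        for jsp in orphaned_jsps(work, webapp):
            print("compiled but source missing:", jsp)
```

On a real host, pass the work directory quoted in the answer as `work_dir` and the deployed webapp directory as `webapp_root`.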
