Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Is it possible to hide JSPs from users?  RSS feed

 
Yuriy Zilbergleyt
Ranch Hand
Posts: 429
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Suppose that I only want the JSP pages to only be accessible through RequestDispatcher forwards from servlets. Is that possible to do?

Thanks,
Yuriy
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, put them in your WEB-INF directory.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66207
151
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
... or any folder structure that you create under WEB-INF. Since all my web apps are written using a Model 2 pattern, all my JSPs reside in a folder hierarchy rooted at WEB-INF/pages.

Usually I place one index.jsp file in the web app root which redirects to the approriate controller for whatever serves as the "main page" of the web app.
 
Yuriy Zilbergleyt
Ranch Hand
Posts: 429
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Great, thanks!
 
Ambika Jain
Ranch Hand
Posts: 48
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

If the jsp are placed under WEB-INF and I need to directly access
it from there, what do I need to add in web.xml file.

Thanks,
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You would need a servlet entry with a jsp-file node and a servlet mapping.

 
Jeroen Wenting
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
no need for a servlet entry for the JSP.
Forwarding the request from a controller servlet to the JSP is enough.



where 'resource' is the resource you're forwarding to which can be a JSP.

In this case, place your JSPs in a directory under the webroot, not under WEB-INF.
Then add a security-constraints section to your web.xml like this:


This will make anything in that directory inaccessible from outside your web application.
Any attempt to directly access a file there will lead to a 403 (access denied) http response code, but you can still forward to the page from inside the web application.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!