• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Is it possible to hide JSPs from users?

 
Ranch Hand
Posts: 429
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Suppose that I only want the JSP pages to only be accessible through RequestDispatcher forwards from servlets. Is that possible to do?

Thanks,
Yuriy
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, put them in your WEB-INF directory.
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
... or any folder structure that you create under WEB-INF. Since all my web apps are written using a Model 2 pattern, all my JSPs reside in a folder hierarchy rooted at WEB-INF/pages.

Usually I place one index.jsp file in the web app root which redirects to the approriate controller for whatever serves as the "main page" of the web app.
 
Yuriy Zilbergleyt
Ranch Hand
Posts: 429
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Great, thanks!
 
Ranch Hand
Posts: 48
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

If the jsp are placed under WEB-INF and I need to directly access
it from there, what do I need to add in web.xml file.

Thanks,
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You would need a servlet entry with a jsp-file node and a servlet mapping.

 
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
no need for a servlet entry for the JSP.
Forwarding the request from a controller servlet to the JSP is enough.



where 'resource' is the resource you're forwarding to which can be a JSP.

In this case, place your JSPs in a directory under the webroot, not under WEB-INF.
Then add a security-constraints section to your web.xml like this:


This will make anything in that directory inaccessible from outside your web application.
Any attempt to directly access a file there will lead to a 403 (access denied) http response code, but you can still forward to the page from inside the web application.
 
What? What, what, what? What what tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic