Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Protecting JSP From Direct Access  RSS feed

 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My understanding is that JSP placed under the /WEB-INF is protected from direct client access. And, it is the RECOMMENDED STRATEGY for placing JSP to be accessed by forward only (Head First Servlet p583).

However, I searched thru some old posts and found that putting JSP in /WEB-INF is NOT a good strategy at all since some server refuse to serve anything even forward is used.

http://www.coderanch.com/t/279439/JSP/java/WEB-INF
http://www.coderanch.com/t/281596/JSP/java/JSP-page-WEB-INF


Now my question is, what should be the recommended or common strategy available for protecting JSP from direct client access?
 
David Ulicny
Ranch Hand
Posts: 724
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Will this work?


[ October 26, 2005: Message edited by: David Ulicny ]

[ October 26, 2005: Message edited by: David Ulicny ]
[ October 26, 2005: Message edited by: David Ulicny ]
 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you mean routing all requests to a central controller and have it determine which resource to server?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65826
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any container that will not allow forwards to resources under WEB-INF is broken and should not be used. I always put my pages under WEB-INF.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!