This week's book giveaway is in the Cloud/Virtualization forum.
We're giving away four copies of Learning OpenStack Networking: Build a solid foundation in virtual networking technologies for OpenStack-based clouds and have James Denton on-line!
See this thread for details.
Win a copy of Learning OpenStack Networking: Build a solid foundation in virtual networking technologies for OpenStack-based clouds this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

Protecting JSP From Direct Access  RSS feed

 
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My understanding is that JSP placed under the /WEB-INF is protected from direct client access. And, it is the RECOMMENDED STRATEGY for placing JSP to be accessed by forward only (Head First Servlet p583).

However, I searched thru some old posts and found that putting JSP in /WEB-INF is NOT a good strategy at all since some server refuse to serve anything even forward is used.

http://www.coderanch.com/t/279439/JSP/java/WEB-INF
http://www.coderanch.com/t/281596/JSP/java/JSP-page-WEB-INF


Now my question is, what should be the recommended or common strategy available for protecting JSP from direct client access?
 
Ranch Hand
Posts: 724
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Will this work?


[ October 26, 2005: Message edited by: David Ulicny ]

[ October 26, 2005: Message edited by: David Ulicny ]
[ October 26, 2005: Message edited by: David Ulicny ]
 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you mean routing all requests to a central controller and have it determine which resource to server?
 
Author and ninkuma
Marshal
Posts: 66797
168
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any container that will not allow forwards to resources under WEB-INF is broken and should not be used. I always put my pages under WEB-INF.
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!