This week's giveaway is in the Java/Jakarta EE forum. We're giving away four copies of Java EE 8 High Performance and have Romain Manni-Bucau on-line! See Of course it also means you cannot use a response.redirect() to access the web page and would have to use a forward() instead. In fact I don't think there is any way you can hide a resource to which you redirect since request for any redirected resource comes ultimately from the browser itself.
Just out of curiosity - why can't you use jsp instead of html? Good pattern would dictate that all your files be '.jsp' anyways?