Sangel Kapoor
Ranch Hand
Hello Everyone

It's my first day entering the Java EE world. I was trying one example as follows:

1. I created a loginPage.jsp file and mapped it in web.xml to /login, so I was able to run it successfully.

Query: I am able to run the above in 2 ways:

1. localhost:8080/<Context_Root>/login // This is fine
2. localhost:8080/<Context_Root>/loginPage.jsp // This is weird; I want the user not to be able to open it like this, even if she somehow guessed the JSP file name correctly.

Is there any way to avoid 2?

Thanks and Warm Regards
 
Ulf Dittmer
Rancher
  • Likes 1
The usual approach is to put the JSP files where they can't be accessed directly, like in a subdirectory of WEB-INF.
 
Bear Bibeault
Author and ninkuma
Marshal
No JSP should be able to be directly accessed except by going through a page controller servlet. As Ulf pointed out, one common way to do that is to put the JSP views in a folder under WEB-INF where they are hidden from direct view.
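
The approach described in the replies above, as an added example that is not part of the original posts: a page controller servlet that owns the public URL and forwards to a JSP stored under WEB-INF. The class name, the `/WEB-INF/views/` folder and the `/welcome` entry are assumptions made for illustration; only `/login` and `loginPage.jsp` come from the thread.

```java
// Added example, not code from the thread.
// Assumed layout: loginPage.jsp is moved from the web root to
//   <webapp>/WEB-INF/views/loginPage.jsp
// The servlet container never serves resources under WEB-INF directly, so
// /<Context_Root>/WEB-INF/views/loginPage.jsp answers 404, and
// /<Context_Root>/loginPage.jsp no longer exists once the file is moved.
// The old web.xml mapping of the JSP to /login is removed in favour of this servlet.
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(urlPatterns = {"/login", "/welcome"})
public class PageController extends HttpServlet {

    private static final String VIEW_ROOT = "/WEB-INF/views/";

    // Fixed table of public URL -> view file. The forward target is never
    // built from request input, so a client cannot steer the dispatcher
    // to some other file under WEB-INF.
    private static final Map<String, String> VIEWS = Map.of(
            "/login", "loginPage.jsp",
            "/welcome", "welcome.jsp"); // hypothetical second page

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // For an exact-match mapping, getServletPath() returns the mapped
        // pattern, e.g. "/login".
        String view = VIEWS.get(request.getServletPath());
        if (view == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Server-side forward: the browser keeps seeing /login and never
        // learns the JSP's real location.
        request.getRequestDispatcher(VIEW_ROOT + view).forward(request, response);
    }
}
```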

 
Sangel Kapoor
Ranch Hand
Bear Bibeault wrote: No JSP should be able to be directly accessed except by going through a page controller servlet. As Ulf pointed out, one common way to do that is to put the JSP views in a folder under WEB-INF where they are hidden from direct view.



I am not sure what that means; I probably need to learn more things. :-))
Nevertheless, thanks for the replies.
 
Bear Bibeault
Author and ninkuma
Marshal
  • Likes 1
Perhaps this article might help.
 