Make a new folder in WEB-INF and name it as jsp.
now place all your jsp files in this new folder
Once you do it, no one will be able to directly access your jsp files through urls.
This is because the container restricts the direct user access to the things placed inside web-inf folder. for example you can not access this url http://yourserver.com/yourapp/WEB-INF/web.xml
However you are free to access the objects placed in webinf folder from your servlets and jsps