We have been working with a design company to design our website HTML. However, a portion of these HTML files need to be password protected, all of these files are stored in one particular folder called "/tools". The problem here is that these files should only be accessible if the user has logged into the site, and the design firm has given all of these files an .html extension, which means that they will not be able to run embedded JSP code.
From what I understand, if I want to create access control in these .html files I will need to rename them all to .jsp and then update all the links to these files to use the .jsp extension. But the design firm is telling me that their other clients never needed to do this and were able to use JSP to control access to the folder itself. They said that it is possible using JSP to prevent access to a particular folder on the webserver, and that anybody without a valid login or session who tries to access the files in the folder can be redirected to the login page. All of this can be achieved without having to insert JSP code into the password-protected HTML files and renaming them with a .jsp extension. Is this true? We want to avoid doing this because there are a lot of HTML files and links that will need to be changed if we rename the files to .jsp.
I'm still a relative beginner with JSP and have never heard of any functionality which allows JSP to stop a browser from accessing a particular folder on the server. Am I missing something here? Is there really a better way of doing this without using JSP code?