mapping JSPs

Can you please give me references about mapping JSPs in the DD like servlets. Basically, I do want to know at which locations the JSPs can be put, and how they can be mapped in web.xml file.

If you'd take some time to take a look at the Servlets Specification, you'd see that the servlet tag has an option to declare a JSP file as a servlet :

I leave you figure out where to put the JSP file, and how to map it. (it maps like any servlet)

Why would you want to do that? It's a rare thing to need to do.

I just want to secure my JSPs from users of the application. I mean the user shouldn't able to type the path and reach my JSPs directly, they must go through the site. By putting JSPs in the root of the application, I am allowing users to type the path to reach them. Right? I don't want to do that.

Put them under WEB-INF. Then they cannot be directly accessed. No mapping nonsense necessary.

So.. can I put some JSPs in root directory, and some JSPs under WEB-INF directory? I think then it will be a problem for the server to know where the requested JSP is without mapping?

No, because JSPs underneath WEB-INF aren't directly accessible to begin with. You'd have to use servlets which forward to (or include) those JSPs. So the control flow would be a bit different than what you have now.
[ January 23, 2008: Message edited by: Ulf Dittmer ]

With a servlet entry and a mapping, they are accessible from within WEB-INF.

With a servlet entry and a mapping, they are accessible from within WEB-INF.

This isn't that un-common in model1 architectures where everything is written in JSP. It allows you to set servlet-init params in the deployment descriptor , restrict direct access to the JSP, and to group components with URL patterns that easily be matched up with filter mappings, etc...

These days, the accepted best practice is to use JSPs only as a view tier which would eliminate any need for the things mentioned above.

I got it...

But, giving WEB-INF in path feels weird... am I doing it correctly?

Originally posted by Srikanth Reddy Lankireddy:

But, giving WEB-INF in path feels weird... am I doing it correctly?

It shouldn't feel weird, you're mapping the path to the file, relative to the root of your application.

there could be other ways to prevent users from directly accessing resources like checking for "referer" in the request header (e.g. it would be null if address is manually entered), *.jsp in url-pattern so all requests go thru your front-controller and you dynamically decide which page to return.
[ January 23, 2008: Message edited by: Abhinav Srivastava ]

like checking for "referer" in the request header

I read some times ago that the referer was not something you could rely on. You cannot be sure that it will be set.