I'm trying to use an servlet that dispatch the request to a JSP page located in the WEB-INF directory of my web app. I'm having an error because it seems to be a forbidden access. But in the book I'm reading, appear that this kind of access is valid. The code is like: RequestDispatcher rd=getServletContext().getRequestDispatcher("/WEB-INF/ayuda.jsp"); rd.forward(request,response); Do you know what is the problem? Thanks in advance. Cristian.
I've seen this suggested before, where you can put your JSPs in the WEB-INF directory to protect them from direct access. ie you can only .forward or .include them. I haven't actually read it but apparently the Servlet spec defines access to resources in the WEB-INF directory. I believe that the problem in the way it is defined is that it states that stuff under WEB-INF shouldn't be directly accessable, but it does not state that they should be indirectly accessable. What this means is that there is no guarantee that any app server will allow you to do this. The only server I actually tried this on was Tomcat 4, and after chasing it down in the source code, it appears that Tomcat will not allow any access to files in the WEB-INF directory. It explicitly denies access to anything matching */WEB-INF/* Dave