Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Legacy System with Protected JSP Above WEB-INF

 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Putting JSP inside WEB-INF will protect them from direct client access. However, we have a legacy system which put all JSPs above WEB-INF. What are the best strategies to make sure these JSP cannot be accessed directly - assuming the URLs to them cannot be made secret.
 
Paul Bourdeaux
Ranch Hand
Posts: 783
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just a couple of guesses, because I haven't had to do this before, but I would try using a Filter, or maybe constraining the JSPs in the web.xml...
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic