Hi. I have the following use case: I want to add a user to the system. Right now I have an HTML form with "action" attribute specifying a servlet, which is responsible for the actual processing of the form's parameters and adding the user. However, the servlet is accessible from the client directly. I know I can "hide" the servlet into the WEB-INF / META-INF, but then it would be inaccessible to the form, wouldn't it? How can I do this? Thanks.
Hi. Yes, I want to make sure the input comes only from the form. It can't come from a GET method with prepared URL as I am using POST with this one, so that the data can be sent encrypted (the username, and especially the password). I thought maybe there is a standard way in the specs how to do this one. I will definitely try your suggestions. Thank you for your answers.
subject: Make a resource (servlet) inaccessible to a client