restricting JSP page from direct access..
posted 6 years ago
If you can't move the JSP pages to WEB-INF directory, you can use a filter to block any requests for such JSP pages. If all those JSPs are in a particular directory like /jsp/, then you can map your filter to /jsp/* to block any request for contents of the /jsp directory. The filter will block only incoming requests and will allow request dispatching from action to the JSP...