Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

Protecting JSP From Direct Access

 
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My understanding is that JSP placed under the /WEB-INF is protected from direct client access. And, it is the RECOMMENDED STRATEGY for placing JSP to be accessed by forward only (Head First Servlet p583).

However, I searched thru some old posts and found that putting JSP in /WEB-INF is NOT a good strategy at all since some server refuse to serve anything even forward is used.

https://coderanch.com/t/279439/JSP/java/WEB-INF
https://coderanch.com/t/281596/JSP/java/JSP-page-WEB-INF


Now my question is, what should be the recommended or common strategy available for protecting JSP from direct client access?
 
Ranch Hand
Posts: 724
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Will this work?


[ October 26, 2005: Message edited by: David Ulicny ]

[ October 26, 2005: Message edited by: David Ulicny ]
[ October 26, 2005: Message edited by: David Ulicny ]
 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do you mean routing all requests to a central controller and have it determine which resource to server?
 
Sheriff
Posts: 67595
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Any container that will not allow forwards to resources under WEB-INF is broken and should not be used. I always put my pages under WEB-INF.
 
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic