In a simple Java web application, for example imagine you have a servlet TestServlet.java. In deployment description ( web.xml ) you can for example map the request coming to say /testpage
to TestServlet so that when /testapplication/testpage
is requested TestServlet handles the request. And you can for example write "Hello World" and send the response.
In directory structure ( the application that is deployed to the web server ), TestServlet.java will reside in:
webapps\testapplication\WEB-INF\classes\com\packagename\TestClass.java
which means there is no way to get to this file using the browser. ( Like entering a URL )
You can also get the request dispatcher and forward the request and response object to a JSP file like .getRequestDispatcher("/test.jsp")
. But then the file will be in
webapps\testapplication\test.jsp
so connecting to http:\\server.com\test.jsp will also get this file.
I want to hide the file in WEB-INF folder so it can not be reached by the client except the mapping I have provided.
What is the appropriate way for doing this?
I want to hide the file in WEB-INF folder so it can not be reached by the client.
Keep your jsp files under WEB-INF
for example - (WEB-INF/jsp)
, so that by default Web Containers does not allow resources under WEB-INF folder to be accessed directly by clients, but the RequestDispatcher
can access it.
request.getRequestDispatcher("/WEB-INF/test.jsp").forward(request, response);