7

In a simple Java web application, for example imagine you have a servlet TestServlet.java. In deployment description ( web.xml ) you can for example map the request coming to say /testpage to TestServlet so that when /testapplication/testpage is requested TestServlet handles the request. And you can for example write "Hello World" and send the response.

In directory structure ( the application that is deployed to the web server ), TestServlet.java will reside in:

webapps\testapplication\WEB-INF\classes\com\packagename\TestClass.java

which means there is no way to get to this file using the browser. ( Like entering a URL )

You can also get the request dispatcher and forward the request and response object to a JSP file like .getRequestDispatcher("/test.jsp"). But then the file will be in

webapps\testapplication\test.jsp

so connecting to http:\\server.com\test.jsp will also get this file.

I want to hide the file in WEB-INF folder so it can not be reached by the client except the mapping I have provided.

What is the appropriate way for doing this?

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Koray Tugay
  • 22,894
  • 45
  • 188
  • 319

2 Answers2

10

I want to hide the file in WEB-INF folder so it can not be reached by the client.

Keep your jsp files under WEB-INF for example - (WEB-INF/jsp), so that by default Web Containers does not allow resources under WEB-INF folder to be accessed directly by clients, but the RequestDispatcher can access it.

request.getRequestDispatcher("/WEB-INF/test.jsp").forward(request, response);
Jayasagar
  • 2,046
  • 19
  • 22
  • But my question is, in java servlet, how should I give the path to the jsp file? Like getRequestDispatcher("WEB-INF/test.jsp") ? Is this the right way? – Koray Tugay Nov 07 '13 at 18:40
  • Your answer is not correct, if you correct it I will mark it as accepted. – Koray Tugay Nov 11 '13 at 17:14
  • Thank you @KorayTugay :). I missed out giving complete code snippet line. Now I have corrected it. – Jayasagar Nov 11 '13 at 17:35
  • "by defaul Web Containers [do] not allow resources under WEB-INF folder to be accessed directly" - this does not seem to be the case for Jetty. Jetty happily serves up everything under WEB-INF. – Reinderien Jul 09 '19 at 18:04
0

If you are using jsf, you can put this file in WEB-INF folder and use a navigation rule to mapping the request to the page. But if you are not, you can create a filter and map it to url "/test.jsp" using the <url-pattern> attribute and redirect to anywhere you want (like a page in WEB-INF).

Pedro Vítor
  • 191
  • 1
  • 6