Prevent File Access via URL in Java Servlet Webapp

Question

I am building a simple webapp using Java Servlets 3.1.0.
Is there a way in which I can prevent access to pages in my WEB-INF directly via the URL?

For example:
I have the file dashboard.jsp in my WEB-INF folder. I also have a servlet called the DashboardServlet that is accessible using /dashbboard in which I use the RequestDispatcher to forward dashboard.jsp

So now, when I access localhost:8080/dashboard, dashboard.jsp is shown. However, the dashboard is also shown when I try to access localhost:8080/dashboard.jsp

How can I prevent access to localhost:8080/dashboard.jsp while still making the foward on localhost:8080/dashboard possible.

Thanks!

if your jsp file is placed in WEB-INF then if you attempt to look up at `localhost:8080/dashboard` it won't serve jsp file, unless your servlet just reads the raw jsp file and outputs it — jmj, Nov 14 '13 at 10:00

Linus · Accepted Answer · 2013-11-15T05:35:06.103

The WEB-INF directory contains a heirarcy in which you'll find the necessary configuration information for your web application, and all the class files for your servlets and classes that are called up by your JSPs (Java Server Pages). The WEB-INF directory is a vital component of your web application, which will not run without it!

This basically means that WEB-INF is meant exactly for hiding the Jsp files.

So if you copy your JSP files to the WEB-INF they will not accessible in the format localhost:8080/dashboard.jsp.

Also check your Web.xml for correct servlet Mapping entries.

Prevent File Access via URL in Java Servlet Webapp

1 Answers1