Avoid direct JSP access from client browser

 

Any files inside direct context folder can be accessible through client browser, but if same files if we place under WEB-INF folder then we can't access those files from client browser. So this way we can avoid direct call or access to specific JSP files from client browser. 
To access those JSP files we need configuration in web.xml (deployment descriptor) as similar to servlet. Lets see simple deployment descriptor for configuring JSP files along with sample JSP file.

JSP File (jspinside.jsp)


<html>
 <head>
  <title>Java Discover</title>
 </head>
 <body>
  <h1>Hello Java Discover :-)</h1>
 </body>
</html>




Deployment Descriptor (web.xml)


<web-app>
 <servlet>
   <servlet-name>JSPTest</servlet-name>
   <jsp-file>/WEB-INF/jspinside.jsp</jsp-file>   
 </servlet>
  
 <servlet-mapping>
   <servlet-name>JSPTest</servlet-name>
   <url-pattern>/jsptest.do</url-pattern>
 </servlet-mapping>
</web-app>




Folder Structure:


<context_name>
      -><WEB-INF>
             -><classes>
             -><lib>
             ->jspinside.jsp
             ->web.xml


Once complete deploy and test with below url

URL : http://localhost:8080/jsptest/jsptest.do


OUTPUT:



No comments:
Write comments