Reputation: 2486
Prevent File Access via URL in Java Servlet Webapp
I am building a simple webapp using Java Servlets 3.1.0.
Is there a way in which I can prevent access to pages in my WEB-INF directly via the URL?
For example:
I have the file dashboard.jsp in my WEB-INF folder. I also have a servlet called the DashboardServlet that is accessible using /dashbboard in which I use the RequestDispatcher to forward dashboard.jsp
So now, when I access localhost:8080/dashboard, dashboard.jsp is shown.
However, the dashboard is also shown when I try to access localhost:8080/dashboard.jsp
How can I prevent access to localhost:8080/dashboard.jsp while still making the foward on localhost:8080/dashboard possible.
Thanks!
Upvotes: 0
Views: 1292
Answers (1)
Reputation: 950
The WEB-INF directory contains a heirarcy in which you'll find the necessary configuration information for your web application, and all the class files for your servlets and classes that are called up by your JSPs (Java Server Pages). The WEB-INF directory is a vital component of your web application, which will not run without it!
This basically means that WEB-INF is meant exactly for hiding the Jsp files.
So if you copy your JSP files to the WEB-INF they will not accessible in the format localhost:8080/dashboard.jsp.
Also check your Web.xml for correct servlet Mapping entries.
Upvotes: 1
Related Questions
- Restrict file access in Tomcat
- tomcat deny access to specific files
- How do I prevent direct access of a jsp through a url?
- Protecting resources such as images in a servlet
- how to prevent users from directly access a file in a website by using its address
- restrict url access in JSP
- Restrict a user from accessing folder in Java EE app
- prevent from a user to access directly to a jsp file
- Servlet container : how to forbid access to a folder