Gundamaiah
Gundamaiah

Reputation: 786

How to protect my jsp page from direct access

I am doing a web application using servlets and jsps. I had a index.html

Now i need to avoid direct access of my login page from browser

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>Login App using Servlet and JSP</title>
 </head>
 <body bgcolor="pink">
 <center>
 <a href="Register.jsp">Register</a>
 <a href="Login.jsp" >Login</a>
  </center>
 </body>
</html>

Now I want to prevent direct access of Login.jsp from the browser

http://localhost:9090/LoginAppWithServletsJSPJDBC/Login.jsp

By googling I came to know that I need to use <security-constraint> for this.

Please help me .How can I achieve this.

Upvotes: 0

Views: 2585

Answers (1)

Braj
Braj

Reputation: 46871

Simply move Login.jsp under WEB-INF that can't be accessed directly from the outside world.

Only application can access it whenever needed using RequestDispatcher.

Sample code:

// put this logic anywhere in your application whenever needed to show Login.jsp 
request.getRequestDispatcher("WEB-INF/Login.jsp").forward(request, response);

Please have a look at What is WEB-INF used for in a Java web application?

Upvotes: 3

Related Questions