Gundamaiah
Reputation: 786
How to protect my jsp page from direct access
I am doing a web application using servlets and jsps. I had a index.html
Now i need to avoid direct access of my login page from browser
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login App using Servlet and JSP</title>
</head>
<body bgcolor="pink">
<center>
<a href="Register.jsp">Register</a>
<a href="Login.jsp" >Login</a>
</center>
</body>
</html>
Now I want to prevent direct access of Login.jsp from the browser
http://localhost:9090/LoginAppWithServletsJSPJDBC/Login.jsp
By googling I came to know that I need to use <security-constraint> for this.
Please help me .How can I achieve this.
Upvotes: 0
Views: 2585
Answers (1)
Braj
Reputation: 46871
Simply move Login.jsp under WEB-INF that can't be accessed directly from the outside world.
Only application can access it whenever needed using RequestDispatcher.
Sample code:
// put this logic anywhere in your application whenever needed to show Login.jsp
request.getRequestDispatcher("WEB-INF/Login.jsp").forward(request, response);
Please have a look at What is WEB-INF used for in a Java web application?
Upvotes: 3
Related Questions
- How to prevent client from accessing JSP page
- Make JSP unaccessible from outside
- How to disable direct access to jsp pages?
- How avoid direct access to a jsp page
- How can I secure a JSP page after adding it to my hosting and making it live?
- Denying direct access to jsp pages
- How do I prevent direct access of a jsp through a url?
- How to restrict access to a Servlet via browser
- Prevent users from accessing .jsp except by forwarding
- prevent from a user to access directly to a jsp file