Web tier: servlets, JSP, Web frameworks: Deny access to a certain JSP
- Posted by: igorko stajpus
- Posted on: December 11 2003 07:17 EST
how can one deny access to a certain JSP directly from a web browser? i don't want users to be able to access a JSP by typing its URL in their browser.
> how can one deny access to a certain JSP directly from a web browser? i don't want users to be able to access a JSP by typing its URL in their browser.
place the jsp pages under the WEB-INF directory then map some urls to the jsp pages
You can avoid all issues if your users do not know the URLs to your JSPs as it was mentioned in the previous response.
Finally, if you are concerned about security, you can secure access to certain pages or access paths using JAAS or J2EE Application Security if your server supports it.