Servlet container : how to forbid access to a folder

I use Jersey for my REST API. I use JSP files for the views. I put my JSP view files in www/views/.... Now I'd like to forbid access to these views through simple HTTP re开发者_如何学运维quest on their canonical URL.

What is the best way to forbid direct access to these JSPs from the client ?

Stick the JSPs under /WEB-INF in the WAR.

As johna has already said, if you put the .jsp files under WEB-INF this will prevent any access to them from the web directly.

If you want finer-grained security controls I would investigate a tool like Spring Security which will let you set up more complex security rules.