Servlet container : how to forbid access to a folder
I use Jersey for my REST API. I use JSP files for the views. I put my JSP view files in www/views/...
. Now I'd like to forbid access to these views through simple HTTP re开发者_如何学运维quest on their canonical URL.
What is the best way to forbid direct access to these JSPs from the client ?
Stick the JSPs under /WEB-INF
in the WAR.
As johna has already said, if you put the .jsp files under WEB-INF this will prevent any access to them from the web directly.
If you want finer-grained security controls I would investigate a tool like Spring Security which will let you set up more complex security rules.
精彩评论