开发者

Servlet container : how to forbid access to a folder

I use Jersey for my REST API. I use JSP files for the views. I put my JSP view files in www/views/.... Now I'd like to forbid access to these views through simple HTTP re开发者_如何学运维quest on their canonical URL.

What is the best way to forbid direct access to these JSPs from the client ?


Stick the JSPs under /WEB-INF in the WAR.


As johna has already said, if you put the .jsp files under WEB-INF this will prevent any access to them from the web directly.

If you want finer-grained security controls I would investigate a tool like Spring Security which will let you set up more complex security rules.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜