Tuesday, June 21, 2016

Restrict direct access to JSP's in your application

If you want to restrict users from directly accessing JSP's in your application , like when users directly type the url of the JSP in the browser without logging in.

In this scenario you have 2 options ->

Option 1) Put all JSP's under WEB-INF folder.

Option 2) Write the following code in web.xml file.

            <web-resource-name>JSP Files</web-resource-name>
            <description>No direct access to JSP files</description>
            <description>No direct browser access to JSP files</description>

Note: In the above code snippet you need to give the exact location of your JSP's ->  
<url-pattern>/Folder Name/*.jsp</url-pattern>