How to properly put JSPs in the WEB-INF folder?
Solution 1
Its not a standard practice or valid as per the J2EE spec (I know using most of the java Web development frameworks like Struts, Spring MVC, Stripes you can do this). As per the spec, all our publicly accessibly pages should be out side of WEB-INF
. But if you want the pages to be in web-inf
, what you can do is to create a servlet along the lines of a controller servlet and forward the requests to jsp pages from your servlet and those pages can be in WEB-INF
, and there is no special configuration that can be done to do this.
Solution 2
You can put your JSP in
WEB-INF/jsp
folder and access that JSP using servlet.
Create login.jsp and then access that JSP using preloginservlet.java. This servlet redirects to login.jsp which is in the WEB-INF/jsp
folder.
Solution 3
Create an intermediary JSP outside of WEB-INF that includes your JSP.
e.g. your page inside of WEB-INF is ProjectName/WEB-INF/JSP/yourPage2.jsp create a page ProjectName/yourPage1.jsp
Write below code in yourPage1.jsp
yourPage1.jsp
<%@ include file="WEB-INF/JSP/yourPage2.jsp" %>
Solution 4
You create a jsp page out side WEB-INF folder and inside that jsp use jsp:forward as
In web.xml file use give outside jsp name in welcome file list.
It works for me...
nayan
Updated on February 24, 2020Comments
-
nayan about 4 years
My question is how to put all the JSP files in
WEB-INF/JSP/
in the proper manner?Is there any configuration for this as the structure I'm aware of is:
WEB-INF / JSP --> all jsp is reside in that folder / CLASSES -- all classes is reside that folder / LIB --> library file reside in that folder
How do I set this up properly according to the spec. Please help me with an answer for this.
-
BalusC over 13 yearsHow so "not a standard practice or valid"? It's perfectly valid and the best practice if you want to implement MVC wherein you'd like to avoid that JSP pages can be accessed without a preprocessing controller.
-
Veera over 13 yearsplacing the JSP files inside the WEB-INF folder is perfectly valid and a best security practice.
-
Sam YC over 11 yearshi, but can we access the login.jsp directly?
-
Kickaha almost 11 yearsI learned a lot from this answer, not valid as per the spec, but is used commonly, and explains to me how to secure publicly accessible jsp by using MVC to access the jsp's put into WEB-INF.
-
Admin almost 9 years@GMsoF, I know yours is an old comment, but for the sake of others.. The whole point of placing the
jsp
files inWEB-INF/<dirname>
is to prevent direct access to the files. An alternative would be to use the same idea as this answer, but withjspf
fragment files instead; These could then be imported into a singleindex.jsp
from outside theWEB-INF/
folder when the page is compiled.