How to properly put JSPs in the WEB-INF folder?

java jsp servlets jakarta-ee web-applications

30,150

Solution 1

Its not a standard practice or valid as per the J2EE spec (I know using most of the java Web development frameworks like Struts, Spring MVC, Stripes you can do this). As per the spec, all our publicly accessibly pages should be out side of WEB-INF. But if you want the pages to be in web-inf, what you can do is to create a servlet along the lines of a controller servlet and forward the requests to jsp pages from your servlet and those pages can be in WEB-INF, and there is no special configuration that can be done to do this.

Solution 2

You can put your JSP in

WEB-INF/jsp

folder and access that JSP using servlet.

Create login.jsp and then access that JSP using preloginservlet.java. This servlet redirects to login.jsp which is in the WEB-INF/jsp folder.

Solution 3

Create an intermediary JSP outside of WEB-INF that includes your JSP.

e.g. your page inside of WEB-INF is ProjectName/WEB-INF/JSP/yourPage2.jsp create a page ProjectName/yourPage1.jsp

Write below code in yourPage1.jsp

yourPage1.jsp

<%@ include file="WEB-INF/JSP/yourPage2.jsp" %>

Solution 4

You create a jsp page out side WEB-INF folder and inside that jsp use jsp:forward as

In web.xml file use give outside jsp name in welcome file list.

It works for me...

View more solutions

30,150

Author by

nayan

Updated on February 24, 2020

Comments

nayan about 4 years
My question is how to put all the JSP files in WEB-INF/JSP/ in the proper manner?

Is there any configuration for this as the structure I'm aware of is:
```
WEB-INF / JSP        --> all jsp is reside in that folder 
        / CLASSES    -- all classes is reside that folder
        / LIB        --> library file reside in that folder 
```
How do I set this up properly according to the spec. Please help me with an answer for this.
BalusC over 13 years

How so "not a standard practice or valid"? It's perfectly valid and the best practice if you want to implement MVC wherein you'd like to avoid that JSP pages can be accessed without a preprocessing controller.
Veera over 13 years

placing the JSP files inside the WEB-INF folder is perfectly valid and a best security practice.
Sam YC over 11 years

hi, but can we access the login.jsp directly?
Kickaha almost 11 years

I learned a lot from this answer, not valid as per the spec, but is used commonly, and explains to me how to secure publicly accessible jsp by using MVC to access the jsp's put into WEB-INF.
Admin almost 9 years

@GMsoF, I know yours is an old comment, but for the sake of others.. The whole point of placing the jsp files in WEB-INF/<dirname> is to prevent direct access to the files. An alternative would be to use the same idea as this answer, but with jspf fragment files instead; These could then be imported into a single index.jsp from outside the WEB-INF/ folder when the page is compiled.