Question

How can we avoid direct access of JSP pages from client browser?

Answer 1

"We know that anything inside WEB-INF directory can’t be contacted directly in web application, so we can place our JSP pages in WEB-INF directory to avoid direct access to JSP page from client browser.  

Mock-up configuration is given below code snippet of web.xml file.

<servlet>

 <servlet-name>Test</servlet-name>

 <jsp-file>/WEB-INF/test.jsp</jsp-file>

 <init-param>

   <param-name>test</param-name>

   <param-value>Test Value</param-value>

 </init-param>

</servlet>

<servlet-mapping>

 <servlet-name>Test</servlet-name>

 <url-pattern>/Test.do</url-pattern>

</servlet-mapping>""

"

Answer 2

$<body bgcolor=black><font color=pink>$We know that anything inside WEB-INF directory can't be accessed directly in web application, so we can place our JSP pages in WEB-INF directory to avoid direct access to JSP page from client browser.

But in this case, we will have to configure it in deployment descriptor just like Servlets.