Behrang Saeedzadeh

Subscribe to Behrang Saeedzadeh: eMailAlertsEmail Alerts
Get Behrang Saeedzadeh: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Behrang Saeedzadeh

I have been thinking about the best way to restrict direct access to JSP pages in a Web application built around Struts. I don't like the idea of storing pages, images, and so on under the WEB-INF directory. WEB-INF is not meant to be the document root of Web applications. It's a meta directory. Two solutions that I like are: Using a security constraint and disallowing GET and POST and possibly other HTTP methods to be performed on .jsp pages (and other resources that are not to be accessed directly by the client.) It's also possible to create a directory for each group of related files and configure the restrictions with more flexibility. Using a filter to intercept client requests and forwarding direct access of jsp pages to an error page or something similar, i.e. redirecting the requests to the home page of the Web application. I wanted to see how is this implement... (more)