A. Web-inf Folder protection page
As is known to all, the Web-inf folder file is not directly accessible, so, in the development of the JSP page can be directly placed in the folder. Through the page forwarding mechanism, to access. (forwarding is an internal operation that can be accessed through a servlet)
Two. Web. XML Protection page
If you do not want to prevent direct page access through the Web-inf folder, you can protect the page through the security mechanism of Web. Xml.
To set a protected URL address through the <security-constraint> element
Specific operation:
In the Web. xml file, make the following settings:
<security-constraint>
<web-resource-collection>
<web-resource-name>no-acess</web-resource-name>
<url-pattern>/test/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Description:<auth-constraint> defines a role named admin, and if the user is not given the role, then the protected page cannot be accessed directly.
However, because forwarding is an internal operation, the security restrictions mentioned above have no effect on forwarding .
Three. Configuring filter protection in Web. xml
Filters can be used to filter the URL addresses specified in the system. Can affect the forwarding mechanism of the application system, the specified pages and requests can be filtered by the filter.
JSP restrict Access-3 ways to protect pages