Several methods to prevent users from directly accessing JSP pages

Several methods to prevent users from directly accessing JSP pages:
 

1. Put the JSP page under the WEB-INF directory, store everything in this directory or its subdirectory is protected.

However, it is not recommended because not all containers have such protection mechanisms, such as weblogic.

2. Use the servlet filter to filter requests to JSP pages.

3. Use security restrictions in the deployment file web. xml. This is easier than the filter. You do not need to write another filter. The configuration is as follows:

<Security-constraint> <web-resource-collection> <web-resource-Name> JSPs </Web-resource-Name> <URL-pattern>/web/* </URL -Pattern> <! -- Deny direct access to all pages in the web folder --> </Web-resource-collection> <auth-constraint/> </security-constraint> <login-config> <auth- method> basic </auth-method> <! -- Verification Method (Basic/form) --> </login-config>

<Web-resource-Name> qnjyzxt </Web-resource-Name> <! -- Qnjyzxt is the name of the file containing the resource (project name can be used) -->

<URL-pattern>/web/* </url-pattern> <! -- Deny direct access to all pages under the web folder -->

You can also set access restriction roles.

This article introduces restrictions on web resources on JSP pages.