About JSP can not be accessed directly through the browser, to jump through the servlet, but a JSP file with the <iframe> tag contains another JSP access problems

Today in doing homework encountered a problem, before we write JSP code is placed in the webcontext directory, not placed under its subdirectory under the wed-inf directory, all causes the browser can directly access the JSP, So there is a great security problem, after understanding, the correct wording is to put the JSP file under the Wed-inf directory, and then through the controller jump. If the direct browser accesses this JSP that is placed under the wed-inf directory, the 404 page will appear and the JSP file cannot be found.

1. First we look at the web-inf directory under the test1.jsp is not directly accessible, placed in the webcontext below is able to directly access. (1.1,1.2)

　　　　

　　　　

Figure 1.1 (JSP file directory)

Figure 1.2 (the browser directly accesses the JSP under Web-inf)

Figure 1.3 (The browser directly accesses the JSP under the Webcontext directory)

2. But we can access the test1.jsp through the servlet jump.

Here is the servlet code:

1  PackageCom.servlet;2 3 Importjava.io.IOException;4 Importjavax.servlet.ServletException;5 ImportJavax.servlet.annotation.WebServlet;6 ImportJavax.servlet.http.HttpServlet;7 Importjavax.servlet.http.HttpServletRequest;8 ImportJavax.servlet.http.HttpServletResponse;9 Ten@WebServlet ("/testservlet") One  Public classTestservletextendsHttpServlet { A     Private Static Final LongSerialversionuid = 1L; -      PublicTestservlet () { -         Super(); the     } -     protected voidService (HttpServletRequest request, -HttpServletResponse response)throwsservletexception, IOException { -Request.setcharacterencoding ("Utf-8"); +Response.setcontenttype ("Text/html;charset=utf-8"); -Request.getrequestdispatcher ("/web-inf/test1.jsp") + . Forward (request, response); A     } at  -}
and then you'll be able to access test1.jsp.

                                                    Figure 2.1 (Access to test1.jsp under the Web-inf directory via a servlet jump)

3. However, we sometimes encounter this situation in the JSP with the <iframe> tag contains another JSP for colleagues to access, but the included JSP can not be directly accessed by the browser, all the intelligence is placed under the Web-inf directory, but the problem comes, Only the outer JSP can be accessed through the servlet jump, and there are 404 errors in the included JSP.

Figure 3.1 (outside the JSP layer code contains a JSP file)

　　　　　　　　                    Figure 3.2 (JSP that is included in the access JSP result cannot be displayed)
At this point we need to configure the JSP in Web. XML to be accessed through server-side jump, and the client cannot directly access the code as follows:

<servlet>   <servlet-name>goto</servlet-name>   <jsp-file>/web-inf/jsp/ msgs.jsp</jsp-file>  </servlet>  <servlet-mapping>   <servlet-name>Goto </servlet-name>   <url-pattern>/msgs</url-pattern>  </servlet-mapping>

Then the iframe attribute src = "msgs" can be accessed.

Although this is a very small problem, when I study JSP encountered problems, so he recorded, I think there is a harvest, if there is anything wrong place, I novice,

I hope you correct me, thank you!

　　　　

About JSP can not be accessed directly through the browser, to jump through the servlet, but a JSP file with the <iframe> tag contains another JSP access problems