CSDN questions:
JSPs placed in the Webroot directory can be accessed directly by users, while JSPs placed in the WEB-INF directory can only be accessed through a request.
So it's safe to put the JSP page under WEB-INF.
In that case, must every page that needs to be accessed through a request be placed in the WEB-INF directory?
There are also obvious advantages and disadvantages to placing pages in Webroot versus the WEB-INF directory.
We hope to discuss ...
1 Floor:
By setting a filter, files placed under Webroot can also be made inaccessible to direct access. So where you put them is a matter of habit.
Projects generally require JSPs to be hidden, so that clients go through a request rather than accessing JSP pages directly. If they are placed under Webroot, you must add a filter to block all access to *.jsp. A simple comparison:
Placed under Webroot: advantages: clear program structure, easy to code and maintain; disadvantage: you have to add a filter.
Placed under WEB-INF: advantage: no filter needed; disadvantages: disrupts the program structure, makes coding and maintenance somewhat more troublesome.
In fact, there is no big difference between the two; personally I tend to put them under Webroot.
2 Floor:
Why put them in WEB-INF? WEB-INF is generally used for things users are not allowed to access, and JSPs are meant to be accessed. It feels like a private interface ... something people are supposed to call, yet it is hidden ...
3 Floor:
The problem is that the content of the JSP has to be obtained through a request; if it is placed under Webroot, accessing the page directly gives an empty page or an outright error.
4 Floor:
First, adding a filter is not troublesome, and once it is added you never have to bother with it again.
Second, putting them under WEB-INF is awkward to understand to begin with, and WEB-INF usually contains a lot of files, so finding a file or folder in there during development is very inconvenient.
http://bbs.csdn.net/topics/320097731
To reduce the risk, you can move these page files to the WEB-INF directory. According to the Servlet specification, WEB-INF is not part of the public document tree of the web application. Therefore, resources under the WEB-INF directory are not served directly to the client. We can still use a JSP page in the WEB-INF directory to provide a view to the client, but the client cannot request the JSP directly.
JSPs stored in the WEB-INF directory are more secure
If you move these JSP page files to the WEB-INF directory, you must add "WEB-INF" to the URL when you invoke the page.
There are two ways to implement a page jump: redirect and forward. With a redirect, the browser is told to issue a new request for the target page; with a forward, the server dispatches to the target page within the original request. Files in the WEB-INF directory therefore cannot be reached with a redirect.
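The two approaches discussed on this page, forwarding to a JSP under WEB-INF and blocking direct `*.jsp` requests with a filter, sketched as an added example that is not code from the thread or the quoted article. It assumes the `javax.servlet` API (Servlet 3.0 or later for the annotations); the class names, the `/report` URL pattern and the JSP path are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Hypothetical holder class so both components compile from one source file.
public class JspAccessExamples {

    // Approach 1: the JSP lives under WEB-INF and is reached only by a server-side forward.
    @WebServlet("/report")
    public static class ReportServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            // The data the view needs is prepared here, so the JSP never runs without it.
            req.setAttribute("title", "Monthly report");
            // forward() is resolved inside the container, so a WEB-INF path is allowed.
            req.getRequestDispatcher("/WEB-INF/views/report.jsp").forward(req, resp);
            // resp.sendRedirect(req.getContextPath() + "/WEB-INF/views/report.jsp")
            // would make the browser request that URL itself; the container answers 404.
        }
    }

    // Approach 2: JSPs stay under the web root and a filter rejects direct requests.
    // @WebFilter defaults to DispatcherType.REQUEST, so a forward from a servlet
    // to a JSP does not pass through this filter and still works.
    @WebFilter("*.jsp")
    public static class DirectJspBlockFilter implements Filter {
        @Override
        public void init(FilterConfig config) { }

        @Override
        public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
                throws IOException, ServletException {
            // Only client-originated requests for *.jsp arrive here; deny all of them.
            ((HttpServletResponse) resp).sendError(HttpServletResponse.SC_NOT_FOUND);
        }

        @Override
        public void destroy() { }
    }
}
```

In a real project only one of the two would normally be deployed, matching where the JSP files are stored.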
Also refer to:
Put JSP into WEB-INF to protect JSP source code
http://blog.csdn.net/grandboy/article/details/519091
About the pros and cons of placing JSP pages under the Webroot directory versus under WEB-INF