Home > Developer > JSP

How to Protect Your JSP page

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

To better protect your JSP against unauthorized access and peeping, a good way is to store the page file under the WEB-INF directory of the Web application.

Generally, JSP developers store their page files in the corresponding subdirectories of the Web application. A typical Store applicationProgramDirectory structure 2. JSP related to catalog is saved in the catalog subdirectory. JSP related to customer and JSP related to order are stored in this way.

The problem with this method is that these page files are easy to peek.Source codeOr directly called. In some cases, this may not be a big problem, but it may constitute a security risk in specific circumstances. It is also a problem that users can bypass struts controller to directly call JSP.

To reduce risk, you can move these page files to the WEB-INF directory. Servlet-based declarations do not make WEB-INF part of the Common Document Tree for Web applications. Therefore, the resources under the WEB-INF directory are not serving the customer directly. We can still use the JSP page under the WEB-INF directory to provide the view to the customer, but the customer cannot directly request access to JSP.

Using the previous example, Figure 3 shows the directory structure after moving the JSP page to the WEB-INF directory

If you move these JSP page files to the WEB-INF directory, you must add "WEB-INF" to the URL when calling the page. For example, write an action mapping for a logoff action in a struts configuration file. The JSP path must start with "WEB-INF. Note the bold Section as follows.

This method is a good method in struts practice under any circumstances. The only trick to note is that you must associate JSP with a struts action. Even if this action is just a very basic JSP, it always calls an action and then calls JSP.

It should be noted that not all containers support this feature. WebLogic earlier versions do not support servlet declarations, so it is reported that they have been improved in the new version. Check your servlet container before using it.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to password protect wordpress page how to protect database how to protect ssn how to password protect how to protect folder how to host jsp website for free how to password protect website
Related Article
Set the html/jsp edit automatic prompt in MyEclipse 9/10 __html
JSP (6)--JSP declaration
Springboot load JSP refresh JSP, refresh controller (try it Y...
Javax.servlet.jsp.PageContext cannot is resolved to a type
A simple calculator for JSP exercises (using Jsp+javabean mode)
Use absolute path $ {pagecontext. Request. contextpath} in JSP}

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More