<textarea spellcheck="false" style="position: absolute; bottom: -1em; padding: 0px; width: 1000px; height: 1em; outline: none" tabindex="0" readonly=""></textarea>
We know that there are two ways to implement a page jump, one is through redirect, and the other is through the forward way. Redirect Mode of the jump, the system will open a new page to jump to the page, and forward way to jump, the system will be on the original page to open a page to jump. So files placed in the Web-inf directory are not allowed to be accessed using Redirect-mode jumps .
<Jsp:forward page="/web-inf/jsp/login.jsp" />
JSP is placed in the Webroot directory so that users can access directly, JSP placed in the Web-inf directory must be requested to access.
so it's safe to put the JSP page under Web-inf.
By setting a filter, files placed under Webroot can also be accessed without direct access.
Write a filter to implement the filter interface
General projects are all requirements of concealment, Only ask the customer to access the JSP page instead of directly through the request. If placed under Webroot, you must add a filter to block all access to *.jsp.
as long as the comparison: placed under the Webroot: advantages, clear program structure, easy to encode and maintain, disadvantages, to add filters. put under the Web-inf: advantages, no filters, disadvantages, disrupt the program structure, coding and maintenance trouble points.
Recommendedput it under the webroot .
The difference between JSP pages placed under Webroot or Web-inf