The JSP under Web-inf jumps via hyperlinks in the servlet

In the Java EE, its main security is reflected in the Web working directory under the Web-inf folder. If a page is saved under the Web-inf file, then the page will not be accessed by the user, just like the thief can not see what I have, he still know what to steal? So if you put a page in the Web-inf folder, then the security of the page will be improved ... But sometimes when we need to access the page, but we can't access it, how can we access the page under the Web-inf folder?

Struts provides a convenient jump environment for this purpose. Each jump in struts is handled by an action, which is simple when the action is finished and the forward to the relative address.

But the question is, if I do not handle the jump through action, I want to jump directly from the Web-inf a.jsp page to the b.jsp page. Usually this time we will try to lower the relative address/b.jsp absolute address/web-inf/b.jsp or <%=request.getcontext () =%>/web-inf/b.jsp, but no matter how do not work, this time is relatively broken. Want to jump straight from the security point of view certainly not, because under the Web-inf Web container is not let you see his jump path. Direct jump not, indirect jump or some, such as struts action jump is a kind of indirect, why indirectly is safe? Because its jump address is well-equipped in Web. XML, the person who accesses it is invisible so it is indirectly secure. Is it just that struts can do the indirect task, obviously not. In fact, think of the struts action is what things will know how to do, struts action is plainly a servlet, so you can use the servlet to complete the task.

First configure the servlet and servlet mapping in Web. xml

<servlet>
<servlet-name>goto</servlet-name>
<jsp-file>/web-inf/jsp/test.jsp</jsp-file>--the page to jump to
</servlet>
<servlet-mapping>
<servlet-name>goto</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>

After the configuration of the JSP page with a can jump <a href= "/project name/test" > test page Jump </a>--here must be "/project name/test"

It is more difficult to jump through the servlet, but this ensures the security of the JSP page, and it is harder to think of both worlds.

Of course, if the security requirements are not high, it can be made very simple, directly put all the JSP pages under the Webroot, under the Webroot page users can directly enter the address access.

The JSP under Web-inf jumps via hyperlinks in the servlet