1. Project
I recently built an entire module on SSH, generally without problems. But there are still some small details that I hadn't noticed before. Each time one comes up, I write a blog post about it.
Now I want to prohibit direct access to all JSP pages; every request must go through the action layer. One way to do this is to use WEB-INF. The test results are as follows.
2. Project directory
3. Test results
- External clients can directly access t1.jsp (under WebRoot) but cannot directly access t2.jsp (under WEB-INF): the server returns a 404 error, "The requested resource () is not available."
- The application itself can access t2.jsp directly:
```xml
<package name="ad" extends="coreserver-default" namespace="/ad">
    <action name="testAD" class="adAction" method="testAD">
        <!-- correct jump: the result under WEB-INF is reached -->
        <result name="success">/WEB-INF/t2.jsp</result>
    </action>
    <action name="uploadify" class="adAction" method="uploadify">
    </action>
</package>
```
- t1.jsp can reference t2.jsp normally.
- t2.jsp can reference t1.jsp normally, and can also reference the other css, js and image resources under WebRoot.
4. Conclusion
- Move all JSP pages under WEB-INF; css, js and image resources stay under WebRoot.
- A JSP in the WEB-INF directory can only be reached by a forward, not by a redirect. The next blog post will discuss the difference between the two.
- However, this approach is not recommended, because each web application server handles WEB-INF differently.
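The forward-versus-redirect behaviour from the conclusion above, as an added example that is not code from the original project: a plain servlet that reaches /WEB-INF/t2.jsp both ways. The class name ForwardVsRedirectServlet, the /demo mapping and the mode parameter are hypothetical, and a Servlet 3.0+ container with the javax.servlet API is assumed.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet mapped at /demo (assumption, not part of the original project).
@WebServlet("/demo")
public class ForwardVsRedirectServlet extends HttpServlet {

    // t2.jsp is the page from the test above; it lives under WEB-INF.
    private static final String PROTECTED_JSP = "/WEB-INF/t2.jsp";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if ("redirect".equals(req.getParameter("mode"))) {
            // Redirect: the server answers 302 with a Location header, and the
            // browser then sends a second, external request for
            // <context>/WEB-INF/t2.jsp. The container does not serve WEB-INF
            // to clients, so that second request ends in a 404.
            resp.sendRedirect(req.getContextPath() + PROTECTED_JSP);
            return;
        }
        // Forward: the dispatch happens inside the container on the same
        // request. The client never asks for a WEB-INF path, so the JSP
        // renders and the address bar still shows /demo.
        req.getRequestDispatcher(PROTECTED_JSP).forward(req, resp);
    }
}
```

Requesting /demo renders t2.jsp, while /demo?mode=redirect sends the browser to the WEB-INF path and produces the same 404 seen in the test results.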
5. WEB-INF
- WEB-INF is the protected directory of a Java web application. "Protected" here means that clients cannot access it; only the server can.
- WEB-INF stores web.xml, classes and lib.