Why put JSP in WEB-INF?

java jsp

Solution 1:

Files in WEB-INF are not visible to the users. It's a bit safer that way.

If (a contrived example) you are including db.jsp, but by itself it throws an exception, a malicious user can open http://yoursite.com/db.jsp and get some insight on your application (worst - the database credentials) from the exception message.

Solution 2:

I don't think it's a good design pattern, but I believe I can explain the reasoning.

Servlet containers won't serve any content in WEB-INF. By putting your JSPs there, you prevent anyone from directly accessing a JSP by navigating to it in the browser by name. This might be considered good practice, if some of your JSPs are just fragments of code/markup, and not meant to be used directly, and perhaps open some security hole you haven't though of.

It's still possible to get the container to see and use the JSPs as expected even in WEB-INF.

Solution 3:

An extra-plus when using a Controller (or Front-Servlet) is that you decouple the URL path from the physical location of the JSP-files in your project.

As example here a simple request-mapping from a Spring Controller:

@RequestMapping(value = "/item/edit", method = RequestMethod.GET)
public String getItemEdit(@RequestParam(value = "id", required = false) final String id) {
    return "itemeditform";
}

The ViewResolver takes care of mapping the URL to the place where your JSPs reside.

Related

Rails 2: Model.find(1) gives ActiveRecord error when id 1 does not exist
Why doesn't str.translate work in Python 3?
How can I split an IEnumerable<String> into groups of IEnumerable<string> [duplicate]
contenteditable=false inside contenteditable=true block is still editable in IE8
Java command not found on Linux
jQuery index() in vanilla javascript
How do I extend a List in Dart?
wget + JavaScript?
Matplotlib - fixing x axis scale and autoscale y axis
Regex word boundary expressions
"The semaphore timeout period has expired" error for USB connection
Why is mime_content_type() deprecated in PHP?