Clever Geek Handbook

Spring location of mvc and jsp pages in webapp vs WEB-INF

I have a question about hosting spring mvc and jsp pages in webapp vs under WEB-INF.

Let's say we have the settings below.

webapp
  WEB-INF
    mvc-dispatcher.xml
    web.xml
  login.jsp
  register.jsp
  success.jsp
  error.jsp
  index.jsp

I can link to pages from the browser using URLs like http://host.com/app/index.jsp and from there I can link (a href) to register.jsp. From register.jsp, I am sending to a controller that can return a success view that resolves to success.jsp (using InternalResourceViewResolver).

If I move the jsp pages under WEB-INF (instead of previously in the webapp), I cannot send http://host.com/app/index.jsp from the browser. Also from success.jsp I am currently referencing index.jsp with href = "index.jsp" which will need to be changed to map to a controller (maybe in / as a dispatcher servlet) which will return the index as the name of the view ... Therefore all my links will have to be served by the controller. I'm right? or is there a way to refer to jsp pages without any associated controller when the jsp pages are under WEB-INF (if InternalResourceViewResolver is set).

Hello,

Miten.

+3


source to share


1 answer


You are absolutely right. You cannot access JSPs internally WEB-INF

directly from the browser. And this is very good . All your requests should be sent to the JSP through the controller and all your JSPs should be under WEB-INF

. There are many reasons for this:

  • Users cannot get the actual source of your JSPs and this has a positive impact on security.
  • Many JSPs rely on some request attributes (The Model). When the user calls the JSP directly from the browser, there is no Model. This might break some logic.
  • One JSP pod WEB-INF

    can be used for different URLs without any changes, and users don't know anything about it!
  • It's just good practice when you are doing MVC ( Model 2 , not Model 1 )


Considering the question of accessing JSP directly without a controller:

  • You can directly map HTTP Exceptions / Throwables to JSP through JSP error pages . For example, a simple technique is good for custom 404s.
  • When using Apache Tiles + Spring and accessing some /notmappedurl

    Spring (Tiles) will try to find the definition notmappedurl

    . (From my experience with Tiles + Spring). I think other viewing technologies have similar behavior.
  • Not so hard to write @RequestMapping("/someurl")void someurl(){}

    . Spring will try to find a view someurl

    based on the method name. Just a stub.
+6


source






More articles:


All Articles