On 22/08/18 19:48, Terence M. Bandoian wrote: <snip/>
> Back on topic, do JSPs have to be registered with the container using > servlet mappings in web.xml or some other mechanism in order to serve as > targets of forwards by servlets? Further, does doing so make those JSPs > accessible via external requests? I suspect the answer to both > questions is yes which means an additional mechanism will have to be > introduced to block that access which I believe was the original > question. Servlet filter? What makes JSPs accessible is the mapping of *.jsp to the JSP servlet. Any file outside of WEB-INF with a .jsp extension will be passed to the JSP servlet for processing: - .jsp -> .java - .java -> .class (servlet) - send request to servlet from previous step JSPs (or any other files) located under WEB-INF are never directly accessible. Forwards and includes can reference JSP files (actually any files) located under WEB-INF and the file is processed the same way it would be if it were located outside of WEB-INF. The idea of locating files under WEB-INF is so you can use them in forwards and includes without them being directly accessible. Mark P.S. It is actually WEB-INF or META_INF everywhere I write WEB-INF above but I only used WEB-INF to try and keep it clearer. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org