0

I'm trying to block access to servlets whose .class files are inside WEB-INF/classes. I'm using annotation for mapping servlets. Actually I can't directly access jsp files there are into WEB-INF, but I still can access all the servlets by digiting in the url bar. I don't want this because if accessed like that they popup lots of errors (they won't if accessed properly and not by url). Also I couldn't find anything on the Internet to fix this, expect the url blocking method using the path in the web.xml.

P.s. Sorry for my bad english.

EDIT:

I'm not using web.xml for mapping, but the annotation @WebServlet. For example, I have a servlet with this annotation @WebServlet("/searchServlet"). If I type in the url "localhost/searchServlet", it is called instead of displaying the error "resource not found" like with jsp into WEB-INF. Could it be a problem of deployment? All I'm doing is defining the Java Build Path for my src java classes into WEB-INF/classes (so it's actually the output of the compiled source): maybe this is different from deploying?

I want them being accessed only through gets/posts/redirects/forwards...

4

1 回答 1

0

You can use Filter to intercept all (or subset of) requests in your web application and, for example perform redirect to some predefined error page in filter.

You will need to add filter mapping in your web.xml (you also can annotate filter with relevant Servlet 3.0 annotations) and you won't have to touch your servlets mapped with annotations.

UPDATE: You can look here on how to define filter with annotations. You can do something like this in doFilter:

HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.sendRedirect("/index.jsp");

... if you do want to block current request.

Hope this will help.

于 2013-05-25T12:32:50.923 回答