I noticed a common pattern is to put JSP pages in WEB-INF folder (as opposed to WAR root). What's the difference? Why is that preferred?
WEB-INF. This directory, which is contained within the Document Root, is invisible from the web container. It contains all resources needed to run the application, from Java classes, to JAR files and libraries, to other supporting files that the developer does not want a web user to access.
In order to deploy Java Server Pages (JSP) files, you must place them in the root (or in a subdirectory below the root) of a Web application.
JSP provides a dynamic interface for the continuously changing data and also it dynamically invokes the server actions. HTML provides a means to give a detailed account of the structure of text-based information in a document. JSP generated dynamic web pages only. Whereas Html generated static web pages only.
JavaServer Pages (JSP) is a technology for developing Webpages that supports dynamic content. This helps developers insert java code in HTML pages by making use of special JSP tags, most of which start with <% and end with %>.
Files in WEB-INF are not visible to the users. It's a bit safer that way.
If (a contrived example) you are including db.jsp, but by itself it throws an exception, a malicious user can open http://yoursite.com/db.jsp and get some insight on your application (worst - the database credentials) from the exception message.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With