我可以使 Java Servlet 无法从外部访问吗?
Can i make a Java Servlet unaccessible from outside?
类似于 ,但我希望常规 servlet 只能通过 RequestDispatcher 访问。
例如,我有一个映射到 /hiddenUrl 的 servlet。这应该发生:
//forwards successfully
request.getRequestDispatcher(contextPath + "/hiddenUrl").forward(request,response);
//404 not found
response.sendRedirect(contextPath + "/hiddenUrl")
就像移动到 WEB-INF 目录中的 JSP 一样。可能吗?
servlet 容器永远不会直接服务于以 /META-INF/ 或 /WEB-INF/ 开头的请求(参见 chapter 10.5 of the specification):
A special directory exists within the application hierarchy named WEB-INF. This directory contains all things related to the application that aren’t in the document root of the application. Most of the WEB-INF node is not part of the public document tree of the application. Except for static resources and JSPs packaged in the META-INF/resources of a JAR file that resides in the WEB-INF/lib directory, no other files contained in the WEB-INF directory may be served directly to a client by the container.
因此,映射到 /WEB-INF/something 的 servlet 将对其他 servlet 和 JSP 可见,但不会直接对用户可见。
类似于
例如,我有一个映射到 /hiddenUrl 的 servlet。这应该发生:
//forwards successfully
request.getRequestDispatcher(contextPath + "/hiddenUrl").forward(request,response);
//404 not found
response.sendRedirect(contextPath + "/hiddenUrl")
就像移动到 WEB-INF 目录中的 JSP 一样。可能吗?
servlet 容器永远不会直接服务于以 /META-INF/ 或 /WEB-INF/ 开头的请求(参见 chapter 10.5 of the specification):
A special directory exists within the application hierarchy named WEB-INF. This directory contains all things related to the application that aren’t in the document root of the application. Most of the WEB-INF node is not part of the public document tree of the application. Except for static resources and JSPs packaged in the META-INF/resources of a JAR file that resides in the WEB-INF/lib directory, no other files contained in the WEB-INF directory may be served directly to a client by the container.
因此,映射到 /WEB-INF/something 的 servlet 将对其他 servlet 和 JSP 可见,但不会直接对用户可见。