<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
I just started learning JSP. I am writing a simple JSP which has a form and asks the user for a username and password, the username and password are pre-defined in a hashmap. I was wondering, are people able to download the JSP file on my server and see the whole source code of it? If they are how can i prevent people from downloading a JSP file off my server and not allowing them to look at the code.<br />
<br />
I have noticed that when you run a JSP page through a browser (e.g. IE) and click on view - source it shows just the HTML markup rather than the Java. This is great. But are people able to download the JSP file and view its full source (including the java scriptlets, directives and expressions)?
</div>
</div>


Hi,

I just started learning JSP. I am writing a simple JSP which has a form and asks the user for a username and password, the username and password are pre-defined in a hashmap. I was wondering, are people able to download the JSP file on my server and see the whole source code of it? If they are how can i prevent people from downloading a JSP file off my server and not allowing them to look at the code.

I have noticed that when you run a JSP page through a browser (e.g. IE) and click on view - source it shows just the HTML markup rather than the Java. This is great. But are people able to download the JSP file and view its full source (including the java scriptlets, directives and expressions)?

security for jsp's

JavaServer Pages (JSP) allow the development of dynamically generated web pages. It uses the Java programming language; JSP pages are translated into servlets at runtime, with each servlet being cached and reused until the JSP is modified. JSP allows Java code to be interleaved with static web markup content, so the resulting page can be compiled and executed on the server to deliver the content.