How do i restrict JSP files in Tomcat 9 to only run in one subdirectory /jsp

Question

I need to be able to restrict jsp to run from only /jsp for security reasons. Any way how?

Answer 1

I found I can do this

<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.jspx</url-pattern>
</servlet-mapping>

to

<servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>/jsp/*</url-pattern>
</servlet-mapping>

in conf/web.xml

any one know if I can match directory and extension eg /jsp/*.jsp?