Why the JSP pages under WEB-INF can't be accessible with sendRedirect method?

Question

Those pages under WEB-INF are accessible using forward method of RequestDispatcher. Whats wrong with sendRedirect?

Answer 1

WEB-INF directory is a private area of the web application, any files under WEB-INF directory cannot be accessed directly from browser by specifying the URL. Web container will not serve the content of this directory. However the content of the WEB-INF directory is accessible by the classes/servlets within the application.

sendRedirect() creates a new browser request. redirect sends a header back to the browser/client. This header contains the resource url to be redirected by the browser. Then the browser initiates a new request to the given url.

RequestDispatcher methods like include()/forward() works internally. It includes/forwards to resources available within the server from where the call is made. This transfer of control is done by the container internally and browser / client is not involved.

Read the Servlet spec 3.0 Directory Structure-10.5

A special directory exists within the application hierarchy named “WEB-INF”. This directory contains all things related to the application that aren’t in the document root of the application. Most of the WEB-INF node is not part of the public document tree of the application. Except for static resources and JSPs packaged in the METAINF/ resources of a JAR file that resides in the WEB-INF/lib directory, no other files contained in the WEB-INF directory may be served directly to a client by the container. However, the contents of the WEB-INF directory are visible to servlet code using the getResource and getResourceAsStream method calls on the ServletContext, and may be exposed using the RequestDispatcher calls.