What is WEB-INF used for in a Java EE web application?

Question

I\'m working on a Java EE web application with the following source code structure:

src/main/java                 &l         


        

Answer 1

This convention is followed for security reasons. For example if unauthorized person is allowed to access root JSP file directly from URL then they can navigate through whole application without any authentication and they can access all the secured data.