Is putting JSP files in WEB-INF folder a good practice

I see a lot people their JSP file in WEB-INF folder, usually configured in Spring MVC this way

  <bean id="viewResolver"
      <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
      <property name="prefix" value="/WEB-INF/jsp/" />
      <property name="suffix" value=".jsp" />

What WEB-INF was designed to do

Most people do this because any contents in this directory can not be publicly visited. So it provides some kind of security and protection of your JSP file.

If you want to hide a JSP file, the standard way should be adding a filter and configure URL rewriting, but many people are just lazy to do this, and WEB-INF provided a way to do this without any coding. Its obviously not a standard operation, but a common practice.

From the name, I think this directory is supposed to store some kind of meta data about current web application, in current implementation, it stores compiled java class files , dependency libs, and configuration files like web.xml, struts.xml, etc.


Put JSP file in WEB-INF is not a standard practice, but its OK to do it, some framework even encourage to do it, for example the Spring MVC framework.