When you deploy static HTML and JSPs, you can choose whether to make them directly accessible from outside the web app. By directly accessible, we mean that a client can enter the path to the resource into his browser, and the server will return the resource. But you can prevent direct access by putting files under WEB-INF or, if you’re deploying as a WAR file, under META-INF.
If the server gets a client request for anything under WEB-INF or META-INF, the Container MUST respond with a 404 NOT FOUND error!
There are no Dumb Questions