We have a Spring Boot application with Embedded Tomcat configured using a YAML file. Client side scripting is in AngularJS.
The problem is that a user can see the HTML contents of a page when using the direct URL.
For example, our primary login page opens when https://localhost:7001/ is requested, but static HTML content can be seen when somebody who knows the page location on the server directly requests https://localhost:7001/views/dashboard.html.
This is a security flaw and I want such requests to be blocked or re-directed to the login page. Is there any configuration for Embedded Tomcat to block direct access?