Monday, November 21, 2011

WEB-INF

A Java Web Application has certain specifications.

First, it should be packaged as a 'war' file. A 'war' file is a special case of a 'jar' file. It tells the web server that this file contains a web application.

Second, it should contain a folder called 'WEB-INF'.
WEB-INF itself should contain two folders, /classes and /lib, which hold all your Java classes and external libraries (jars).

WEB-INF should also contain a web.xml file. This is the master file which tells the web server how to run your application.

Besides WEB-INF, the web application can contain any number of other directories, for example /images, /jsp, /html, /js, etc.

The difference between WEB-INF and all the other directories is that the web server will NEVER allow direct access to the contents of WEB-INF.

For example, if a user pointed their browser to:
http://www.foo.com/yourapp/WEB-INF/../..

they will get an error.

But if they point to:
http://www.foo.com/yourapp/some-other-folder/../..

they will get the file if it exists.

Contents of WEB-INF can only be accessed by classes and libraries inside WEB-INF.

In other words, WEB-INF is the private and mandatory directory in your web application. All other directories are public and optional.
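
The private/public split described above can be checked before a war file is deployed. The following Python script is an added example, not part of the original post: it lists a war's entries, separates those under WEB-INF from those the web server would serve directly, and flags public files whose extension suggests they belong inside WEB-INF. The sample archive, its file names and the REVIEW_SUFFIXES list are constructed for illustration.

```python
import io
import zipfile

PRIVATE_ROOT = "WEB-INF"           # the directory the web server never serves directly
DESCRIPTOR = "WEB-INF/web.xml"     # the master file described in the post
# Assumption: extensions that usually hold code or configuration, not web content.
REVIEW_SUFFIXES = (".properties", ".class", ".jar", ".bak", ".sql")


def build_sample_war() -> bytes:
    """Build a small constructed war in memory so the example runs offline."""
    entries = {
        "WEB-INF/web.xml": "<web-app/>",
        "WEB-INF/classes/com/example/App.class": "",
        "WEB-INF/classes/db.properties": "user=app",
        "WEB-INF/lib/helper.jar": "",
        "images/logo.png": "",
        "jsp/index.jsp": "",
        "js/app.js": "",
        "config/db.properties": "user=app",   # misplaced: outside WEB-INF
        "lib/old-helper.jar": "",             # misplaced: outside WEB-INF
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for name, data in entries.items():
            war.writestr(name, data)
    return buf.getvalue()


def audit_war(war_bytes: bytes) -> dict:
    """Classify war entries as private (under WEB-INF) or publicly reachable."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        files = [n for n in war.namelist() if not n.endswith("/")]
    private = sorted(n for n in files if n.split("/")[0] == PRIVATE_ROOT)
    public = sorted(n for n in files if n.split("/")[0] != PRIVATE_ROOT)
    return {
        "has_web_xml": DESCRIPTOR in files,
        "private": private,
        "public": public,
        # Public files that look like code or configuration deserve a manual look.
        "review": [n for n in public if n.lower().endswith(REVIEW_SUFFIXES)],
    }


if __name__ == "__main__":
    report = audit_war(build_sample_war())
    print("web.xml present:", report["has_web_xml"])
    for name in report["review"]:
        print("publicly reachable, should probably be under WEB-INF:", name)
```

To audit a real archive, pass the bytes of the war file to `audit_war` instead of the constructed sample.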
