The term “forwarding” is ambiguous in this question. In JSP/Servlet world, “forwarding” is more known from the MVC concept that the request URL (as visible in browser address bar) effectively calls the servlet (as matched by its URL pattern in web.xml or @WebServlet) which acts as a controller to prepare the model and uses a JSP as view to present the model. That JSP in turn is been called by “forwarding”. This is done by RequestDispatcher#forward():
request.getRequestDispatcher("/WEB-INF/foo.jsp").forward(request, response);
This does indeed not reflect the JSP’s URL in the browser address bar. This takes place entirely server side. Basically, the servlet “loads” the JSP and passes the request/response to it so that it can do its job of generating the HTML stuff. Note that the JSP in the above example is hidden in /WEB-INF folder which makes it inaccessible for endusers trying to enter its full path in browser address bar.
In general web development world, the term “forwarding” is also known from “URL forwarding” which is essentially the same as URL redirection. This in turn indeed causes a change in the browser address bar. This is in JSP/Servlet world more formally known as “redirecting” (although most starters initially confuse it with “forwarding”). This is done by HttpServletResponse#sendRedirect():
response.sendRedirect("another-servlet-url");
Basically, the server tells the client by a HTTP 3nn response with a Location header that the client should make a new GET request on the given Location. The above is effectively the same as the following:
response.setStatus(302);
response.setHeader("Location", "another-servlet-url");
As it’s the client (the webbrowser) who is been instructed to do that job, you see this URL change being reflected back in the browser address bar.
The term “URL rewriting” is also ambiguous. In JSP/Servlet world, “URL rewriting” is the form of appending the session ID to the URL so that cookieless browsers can still maintain a session with the server. You’ll probably ever have seen a ;jsessionid=somehexvalue attribute in the URL. This is by default not done automatically, but most Servlet based MVC frameworks will do it automatically. This is done by HttpServletResponse#encodeURL() or encodeRedirectURL():
String encodedURL = response.encodeURL(url); // or response.encodeRedirectURL(url)
// Then use this URL in links in JSP or response.sendRedirect().
(Which in turn is -again- an ambiguous term. With “URL encoding” you’d normally think of percent encoding. There’s no Servlet API provided facility for this, this is normally to be done by URLEncoder#encode() or, MVC-technically more correct, in the JSP by JSTL’s <c:url> and <c:param> or any UI component provided by the servlet-based MVC framework, such as JSF’s <h:outputLink>)
In general web development world (especially with Apache HTTPD / PHP folks), “URL rewriting” is more known as whatever Apache HTTPD’s mod_rewrite is doing: mapping incoming URLs to the concrete resources without reflecting the URL change in the client side. In JSP/Servlet world this is also possible and it’s usually done by a Filter implementation which uses RequestDispatcher#forward(). A well known implementation is the Tuckey’s URLRewriteFilter.
I admit that this has also confused me for long when I just started with JSP/Servlet, for sure while having my roots in the Apache HTTPD / PHP world.