Hi Bryan, I would like to have some closures on the older threads first before responding to the newly created ones, so don't take my silent as ignoring those new threads. ;-)
Bryan Atsatt wrote:
Whoops, .jsp files are not candidates for private resources, since the *container* must have access to them. But I stand by the gif/html/xml comment :^). Another candidate is property files (thanks to Stephen McConnell for reminding me), when used as default configuration.
In the context of the EE environment, my question is that who exactly are we trying to protect these resources from? If the answer is the container, making these resources public would also be acceptable 'cause I don't think we expect the container would mess around these resources if they remain public. Based on what we discussed so far, my impression is that we can implement the notion of "private resources" but it won't solve the general cases like ResourceBundle; having the notion of "private resources" would be nice-to-have in some cases, but they are not critical. I think we have dragged on this thread for too long. Perhaps a way out is to go with the simple notion of exported-means-visible-and-accessible for now (i.e. exported resources are visible and accessible by everyone, non-exported are visible and accessible by nobody). We could revisit this issue around "private resources" after we gather more feedbacks when the updated specification is published. What do you think? - Stanley