If you have high security requirements and you don't want to put your jsps in the WEB-INF, then how should you do it? Can you use declarative security to make sure no one accesses a jsp directly?
thanks, dave dandeneau
- Re: Security when jsps aren't in WEB-INF Dave J Dandeneau
- Re: Security when jsps aren't in WEB-INF Matt Raible
