Look, I am trying to let this go. But you insist on throwing out statements that may mislead others.
Placing JSPs under WEB-INF is an established best practice and was supported under servlet API 2.2 where it was allowed and reinforced under Servlet API 2.3 where it was expressly permitted. It is my understanding that a container that claims to support Servlet API 2.3 must permit this, though I don't know if all do yet. Your MVC best practices apparently include hiding the address bar from users and relying on JavaScript to refresh the URL where a simple redirect would suffice. I assume this leads to excellent usability on diverse user-agents including screen readers and devices that don't support JavaScript. You are perfectly welcome to express your views on current best practise but please don't confuse what is best practise with what will work. I have repeated ad-nauseum that though I was not advocating direct access of JSPs a redirect to the JSP would work, regardless of the security constraints in place, in this particular example. Keep digging Steve --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
