I'm not trying to re-invent anything. I'm just trying to leverage the specification to secure resources.
Personally I prefer WEB-INF to contain web application configuration and information resources instead of content and other non-configuration resources. IMHO, its intuitive that way. For anyone else that may even be remotely interested in this topic, some further googling produced some interesting results. I searched using the string: "preventing direct access to .jsp files" It appears that there is no standard way to do this even though it's implied in the spec. Here's a good example: http://forums.bea.com/bea/message.jspa?messageID=202433201 Oh well... /robert > -----Original Message----- > From: Hassan Schroeder [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 14, 2004 5:55 PM > To: Tomcat Users List > Subject: Re: [newbie] Container Managed Security - preventing direct > access to .jsp > > > Robert Taylor wrote: > > > Does this not imply that I can do what I am trying to do? > > I suppose; I'm just baffled why you want to reinvent this particular > built-in wheel, but don't let that stop you :-) > > -- > Hassan Schroeder ----------------------------- [EMAIL PROTECTED] > Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com > > dream. code. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]