Koon Yue Lam wrote:
yes, the .js and .css are externally-accessible, but the .jsp aren't .... so my jsp can't refer to those .js and .css
Of course they can; most of my sites work this way.
Your JSP is sending HTML to *the client UA* with the URL of the CSS and JavaScript files -- it's the UA that retrieves them.
and after viewing this thread, I think I would take QM approche but u mentioned I can put all jsp into one folder and protect it. How? Is it a web container level or OS level protection ?
From a previous thread, it seems that one container (BEA, per Wendy Smoak) doesn't support forwarding to JSPs under WEB-INF. Perhaps the ambiguity in the spec will be resolved next time around. But since I have no current plans to use anything but Tomcat, the "portability" argument carries no weight here -- I put my JSPs in WEB-INF and let the container provide the "protection". No fuss, no muss :-)
FWIW! -- Hassan Schroeder ----------------------------- [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
dream. code.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
