On Mon, 26 Nov 2001, Frank Lawlor wrote:
> Date: Mon, 26 Nov 2001 13:08:02 -0600
> From: Frank Lawlor <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED]
> To: "Tomcat (E-mail)" <[EMAIL PROTECTED]>
> Subject: Re: [repost] loading class files
>
> > Note on the other stuff: Classes used on the server
> > side should be in a package structure under
> > WEB-INF/classes to work correctly. JSPs,
> > static content, and client-side applets should
> > all be outside the WEB-INF folder for proper
> > operation. This is defined in the spec and is
> > required for all applications conforming to it.
> > Hope this clears some mystery.
> > --David Smith
> I cannot find any place in the spec that says that
> JSPs, etc. cannot be under WEB-INF. I have seen
> many suggestions that this is a good place to put
> them to prevent direct access. In what way doesn't
> this provide "proper operation".
You can indeed put JSP pages inside the "WEB-INF" directory. However,
such pages will *only* be accessible via a RequestDispatcher.forward() or
RequestDispatcher.include() call, not direct requests from clients. This
technique is commonly used in MVC-based web applications to avoid the
possibility that users can type a URL of such a page directly.
>
> Frank Lawlor
> Athens Group, Inc.
> (512) 345-0600 x151
> Athens Group, an employee-owned consulting firm integrating technology
> strategy and software solutions.
Craig
>
>
>
>
> --
> To unsubscribe: <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
>
>
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
