My compelling argument FOR it has always been that WEB-INF is where application artifacts that are not complete web artifacts belong. When writing in Struts (pseudo-MVC er Model II or whatever you like to call it), JSP is NOT web-ready - it's only template data - just like if you had an email template that had the blanks filled in.
Of course, I don't put my JSP's DIRECTLY under WEB-INF - usually have them broken out by the type of template - web, mobile, email, etc.
w
Tim Christopher wrote:
Hi,
I would like to block direct access to jsp files, and from what I've read the best practice appears to be setting a security-constraint within the web.xml file. (As opposed to storing all *.jsp files within the WEB-INF folder, though please correct me if that's wrong).
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
