Plus: nothing under WEB-INF can be referenced by a browser, so JSPs
stored there can't be called directly.
Minus: nothing under WEB-INF can be referenced by a browser, so JSPs
stored there can't be called directly... :-)
It depends on your requirements. But generally you will want to route
requests for all but the simplest of pages through an action. By placing
the corresponding JSP under WEB-INF, you ensure it can never be accessed
*except* through an action.
L.
mojoRising wrote:
Is this considered the Best Practice: Keeping all JSP's under the WEB-INF
directory? We have not done that on my project, I am curious if there are
plus' and minus' to this?
Thanks,
John
The easiest way is to always have the user call an action to get a JSP,
even if it is a simple page. You then also ensure that all data
necessary for that page has been obtained. The, by placing the JSP's in
the WEB-INF directory you will prevent access directly from a browser
(only from the s2 dispatcher).
Otherwise, I would suggest a servlet filter or header code for all JSPs
that make the necessary checks.
/Ian
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]