It's mainly a security thing. So the value is tied to your security needs.
It first came up in thread regarding MVC purity, and ensuring that control passed through an Action before it went to a JSP. The basic idea is that if you have an architecture where all flow goes through Actions and then to JSPs, putting the JSPs down there ensures that this plan is always followed. It also absolutely prevents a user from retrieving a JSP directly. If none of this matters in your circumstances, then don't bother. Meanwhile, if you do follow the Action:JSP arcitechture, then the location of your JSPs is never revealed on the address bar. It may still be available if you use html:base and they peek at the source. But that only matters if there were a JSP that they could recall directly that could reveal sensitive information. Most often this is not the case, since the Action fetches the sensitive information. Last I knew, Weblogic did not support this part of the spec, so it's not an option for many people. -- Ted Husted, Husted dot Com, Fairport NY USA. -- Custom Software ~ Technical Services. -- Tel +1 716 737-3463 -- http://www.husted.com/struts/ [EMAIL PROTECTED] wrote: > > Hi Folks > > I am wanting to know what people think is better. To have all the jsp > files in the root directory of the web app or in a directory like > > WEB-INF/jsp-pages > > I have seen in a few places people putting all there jsp-pages in this > directory and I cannot see the advantages in doing so, why is this > better than putting them in the root directory? It seems like extra > work to have to then make mappings to get to the jsp files in the > struts-config.xml file. Is it worth it? > > Cheers > > Tony > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
