Having the jsp files under WEB-INF is nice because I know no one can get to them without going through an action. But it already caused one problem with my style sheet and the images within it.
Now I'm about to add tiles to the mix, and I wonder if I'm going to unnecessarily complicate my life by having my jsp's where they don't "officially" belong. I'm wondering if I can get the same effect by putting them in /path/to/tomcat/webapps/my_app/private and then putting a Filter in front of just that directory to keep people from requesting those pages directly. Any comments? Other ideas? -- Wendy Smoak Applications Systems Analyst, Sr. Arizona State University PA Information Resources Management
