> When you said "This is not true." to the original concerns regarding
> response.sendRedirect("/somePage.jsp") method (which implies a
> direct call to the JSP page) and now you are not
> calling JSP directly, I don't get you. Of course, we know the security
> contraints can protect any thing. The problem is when a page is
> protected, the redirect will fail.You said, "The JSP page somePage.jsp could not be protected by the standard security constraints." That's what I was referring to when I said, "This is not true." If you redirect to /someAction.do and that is protected by security contraints then the exact same error would occur aswhen you redirect to /somePage.jsp. So, purely in terms of security contraints, there is no difference between redirecting to the action or the jsp. As I said, that does not mean that I advocate directly accessing JSPs, just that the reasons for not doing so have nothing to do with redirects or container security. Hope that is clearer Steve --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
