> The *easiest* way in my assumption is that no one has direct access to the JSP pages in the security constraints.
Actually the easiest way is to place JSPs under WEB-INF but that was not what we were talking about. I'm not making assumption in that you flatly said that the JSP could not be protected by standard security constraints and I pointed out that it could. You may have misstated what you meant or simply misunderstood how it works, but what you actually wrote was factually incorrect. In regard to your previous comment, 'unprofessional' would have been all the things I re-phrased to avoid giving offence. Perhaps you should consider that yourself, next time. I'm not getting anything out of this now and I'm sure others have more than enough information about the subject so let's consider the matter closed. Steve --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
