----- Original Message ----- From: "Steve Raeburn" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Sunday, June 29, 2003 3:16 PM Subject: RE: Sending a Redirect Directly from an Action Class
> > The *easiest* way in my assumption is that no one has direct access to the > JSP pages in the security constraints. > > Actually the easiest way is to place JSPs under WEB-INF but that was not > what we were talking about. That is an old practice and it may not be supported by all vendors in all versions of their server software. > > I'm not making assumption in that you flatly said that the JSP could not be > protected by standard security constraints and I pointed out that it could. > You may have misstated what you meant or simply misunderstood how it works, > but what you actually wrote was factually incorrect. > > In regard to your previous comment, 'unprofessional' would have been all the > things I re-phrased to avoid giving offence. Perhaps you should consider > that yourself, next time. When making recommendations, I am assuming the best practices of the MVC models for simplicity of the statements. They include no protections on actions and no direct accesses to JSP pages. They are clear concepts to every morden MVC expert. Later you added your assumptions to protect actions, then added your assumptions to use the security constraints in old ways which are suitable for the Model 1 things. As to why the ways you described to use the security constraints are junked ideas, I will discuss sometimes later. It looks to me you don't understand they get dumped in morden MVC models, so you use them or recommend them in your *professional* ways. > > I'm not getting anything out of this now and I'm sure others have more than > enough information about the subject so let's consider the matter closed. > > Steve > > Jing > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]