On Sun, Dec 26, 2004 at 10:31:32PM +0800, Koon Yue Lam wrote: : Hi, I want to protect my JSP from direct access, so they can only : access by Struts action.
So far, so good. First, you don't want to put your JSPs under WEB-INF (as mentioned in your subject line). That makes your webapp less portable, because not all containers support storing content there. Second, you could look into auth constraints (see the servlet spec). Map "*.jsp" to a constraint to which no user has access. Either that, or put all of your JSPs under one directory that is protected. Either way, this is possible. : If I want to include some Javascript or CSS to a JSP, I can't ! : Because .js and .css needed to place directly under WebRoot : : My solution is to use <jps:include> to include all those Javascript : and CSS to JSP, but then the JSP will look very ugly and fill up with : long long non HTML stuffs ...... which is not so nice Why would it matter if the compiled servlet code is "ugly" due to the inclusion of the CSS, JavaScript, etc? It's already ugly because of all the print() statements. =) There's a tradeoff between letting clients download static files vs including them in your JSP at runtime. The former option lets clients cache the static file because they download it once for the entire time they browse your site. Then again, making an entire page a single download (using the runtime <jsp:include>) makes the page self-contained and is thus a courtesy for those who want to save the page for later viewing/printing. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
