Quoting Hassan Schroeder <[EMAIL PROTECTED]>: > Koon Yue Lam wrote: > > > yes, the .js and .css are externally-accessible, but the .jsp aren't .... > > so my jsp can't refer to those .js and .css > > Of course they can; most of my sites work this way. > > Your JSP is sending HTML to *the client UA* with the URL of the CSS > and JavaScript files -- it's the UA that retrieves them. > > > and after viewing this thread, I think I would take QM approche but u > > mentioned I can put all jsp into one folder and protect it. How? Is it > > a web container level or OS level protection ? > > From a previous thread, it seems that one container (BEA, per Wendy > Smoak) doesn't support forwarding to JSPs under WEB-INF.
Sure, 6.1 didn't. 8.1 certainly does. I've tried it and it works just fine. Time to upgrade to a modern container. > Perhaps the > ambiguity in the spec will be resolved next time around. But since I > have no current plans to use anything but Tomcat, the "portability" > argument carries no weight here -- I put my JSPs in WEB-INF and let > the container provide the "protection". No fuss, no muss :-) > Exactly. Jake > FWIW! > -- > Hassan Schroeder ----------------------------- [EMAIL PROTECTED] > Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com > > dream. code. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]