[ajug-members] JSP justification??
Paul Philion
philion at acmerocket.com
Tue Jul 20 15:24:15 EDT 2004
Don -
A short (but cohesive) answer would be:
Use the import directive to import a "component" at translation (very
efficient):
<%@ include page="header.jsp" %>
Use the jsp:include to include at request-time (less efficient as it
adds the overhead of additional request processing, but more flexible):
<jsp:include page="header.jsp">
<jsp:param name="pageTitle" value="newInstance.com"/>
<jsp:param name="pageSlogan" value="Some Slogan" />
</jsp:include>
To make sure that the "JSP components" are not directly accessible,
store them in the WEB-INF directory. The container cannot serve JSPs (or
any content) stored in that directory.
Also, if you are using a framework that uses a dispatch
servlet/controller (model 2/MVC), then you can store *all* JSPs in the
WEB-INF directory and then use RequestDispatcher.forward.
- Paul Philion
Acme Rocket Company
Lykins Don H Contr AFSAC/ITS wrote:
> I have been asked to justify my request to use JSP's.
>
> The main issue appears to be with security..
>
> 1. how is everyone securing their JSP's
> --- so you can't type the URL's directly.
>
> 2. Do JSP's facilitate re-use? if so, how
>
> 3. Any large financial institutions using JSP's for secure transactions?
>
>
>
> Don Lykins
> AFSAC
> 937-257-4295 x4539
> don.lykins at wpafb.af.mil
>
>
> _______________________________________________
> ajug-members mailing list
> ajug-members at ajug.org
> http://www.ajug.org/mailman/listinfo/ajug-members
More information about the ajug-members
mailing list