[ajug-members] JSP justification??
philion at acmerocket.com
Tue Jul 20 15:24:15 EDT 2004
A short (but cohesive) answer would be:
Use the import directive to import a "component" at translation (very
<%@ include page="header.jsp" %>
Use the jsp:include to include at request-time (less efficient as it
adds the overhead of additional request processing, but more flexible):
<jsp:param name="pageTitle" value="newInstance.com"/>
<jsp:param name="pageSlogan" value="Some Slogan" />
To make sure that the "JSP components" are not directly accessible,
store them in the WEB-INF directory. The container cannot serve JSPs (or
any content) stored in that directory.
Also, if you are using a framework that uses a dispatch
servlet/controller (model 2/MVC), then you can store *all* JSPs in the
WEB-INF directory and then use RequestDispatcher.forward.
- Paul Philion
Acme Rocket Company
Lykins Don H Contr AFSAC/ITS wrote:
> I have been asked to justify my request to use JSP's.
> The main issue appears to be with security..
> 1. how is everyone securing their JSP's
> --- so you can't type the URL's directly.
> 2. Do JSP's facilitate re-use? if so, how
> 3. Any large financial institutions using JSP's for secure transactions?
> Don Lykins
> 937-257-4295 x4539
> don.lykins at wpafb.af.mil
> ajug-members mailing list
> ajug-members at ajug.org
More information about the ajug-members