Originally posted by Gregg Bolinger:
I have good information from someone that in a true MVC environment one should never call a JSP directly. What I mean is you should never see:
http://server/page.jsp
Rather you should see something like
http://server/page
So basically, let a servlet or a front controller or a delegate of some sort always determine the view. While part of me understands this approach, I still don't fully understand what this accomplishes.
I am just wondering what everyone else thinks about this.
Most of the times, when you receive a request, you have to do some checkings before delegating the request to a particular view (check if user is authorized to access that page, check log in status, etc). This is the reason, IMO, you should always delegate your request to a controller (It doesn't necessarily need to be a servlet, it can even be a JSP without any presentation code. Bit weird, but I've seen cases of that).
We tend to think that our web application will have the flow of events in which we program it. But that never happens. A user can bookmark a JSP once he's done some stuff (signing in, etc) and come back to the same page the next day. If we access our jsp's directly, we'll end up having lots of
java code/validation in our jsp's, and we all know this is not a good approach.
I've read an article once that explained why JSPs should be declared under the WEB-INF directory, so it should never be accessed directly. One of the reasons was security.