Hi Joti - the benefit of putting stuff under WEB-INF is that it cannot be directly
served. That is, you can't go to your browser and get the server to list the contents of WEB-INF.
will NOT work. There may be stuff in your JSPs etc that reveals something of the structure of your app that might be used to help compromise security for instance.
You can however reference stuff within your html and JSPs as you discovered.
Does that help?
Actually Akbar, I disagree with your statement about putting JSPs under WEB-INF. Personally, I don't want a user to be able to read the text of my JSP files, and I tend to put the majority of them under WEB-INF for just that reason.
[ February 20, 2007: Message edited by: Daniel Dalton ]