Re: JSP and Servlets
JSPs are servlets: when you call a JSP the app. server generates a servlet source code (you can look at it in the server's temporary directory) and compiles it. Knowing this, you will see that there's no difference between the two from the security point of view (unless you make JSP source code available to users; but then againg, this could happen to the servlet source code too).
Originally posted by c_monty
I am new to the Java environment and had a question(s) about JSP and Servlets.
It is my understanding that Servlets existed before JSP. Once JSP hit the scene, everything done in Servlets could be replicated in JSP (and then some).
Is it 'normal' practice to have the two interact with each other, or would you normally choose one over the other but not both?
The reason I ask is becuase even though you are able to replicatie Servlet capabilities in JSP, if you use JDBC (for example) on your pages, you are in essence giving your web server permissions to sensitive areas . This is a security risk.
When you put your JDBC logic in a Servlet, you know where that servlet lives and that it's protected. In essence, the security risk is greatly reduced.
Unless my logic is foolish, how then do you do you facilitate the communication between JSP and Servlet?
Is it as easy as having the form action point to the servlet (<url-mapping>) and then having the servlet redirect based on the data submitted?
Interaction between servlets (including JSPs) is done by HTTP request redirection or forwarding, or, as with any Java class, by calling other class' methods.
"It does not work" is not a valid problem statement.