tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anthony Eden" <>
Subject RE: OT: RE: Security (Struts/Turbine)
Date Wed, 24 Apr 2002 15:37:46 GMT
Personal experience (and personal mistakes).  When the boss is breathing down your neck about
some feature which they
desperately need and that feature is easy to implement with a little bit of code in a JSP
page...well the temptation is
very strong and the means to exploit it exist so the easiest route is taken.  There is instant
gratification because the
JSP is automatically compiled and the feature can be used immediately.

Now, this becomes really problematic as the projects begin to age.  It is easy to have duplicated
code, bugs which are
in one part of the code but another, alternate implementations of what are the same features,
etc.  All of this can be
avoided by properly designing and implementing features using beans and taglibs and such,
but the facilities for just
"hacking" the JSP are still there and will always be tempting.

With Velocity, there are no facilities for placing Java code directly in the page.  Velocity
is designed as a simple
language which supports a small number of view-related functions (retrieving values from a
context, simple foreach
looping, etc).  IMO, this simplicity is precisely why it is so powerful.

FWIW, I think that the best thing to do at this point for web development is to use a framework
which is flexible and
which provides integration with at least one templating language which is NOT JSP.

Anthony Eden

PS. For those who are interested in comparing the different open source Java web frameworks
which are available, please
visit the Wafer project at .

> -----Original Message-----
> From:
> []
> Sent: Wednesday, April 24, 2002 9:10 AM
> To: Tomcat Users List
> Subject: Re: OT: RE: Security (Struts/Turbine)
> Anthony Eden wrote:
> > <snip>
> >
> > > Sure, speaking about power, JSPs would be much powerful than Velocity
> > > templates, IMHO.
> >
> > But at what price?  The power of JSPs can be so easily abused even by the best developers.
> > <snip>
> Do you have a reference on that, or some thoughts you could briefly share? Thanks.
> P.
> --
> To unsubscribe:   <>
> For additional commands: <>
> Troubles with the list: <>

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message