You could always recompile HttpJspBase and declare service() to be non-final
then place it in your classes directory which overrides lib. Then you can use
your own class to extend HttpJspBase.


-Tim

Shapira, Yoav wrote:
> Howdy,
>
>
>>>why dont you use filters (standard) or valves (tomcat specific)
>>>
>>>filip
>>
>>It's looking like I'm going to have no choice, but I don't want to
>
> because
>
>>I want the security simple, and I want to keep the security settings
>
> for a
>
>>page in the page itself.
>
>
> What happens when you have 10 pages with possibly different security
> policies? You should take Filip's suggestion and use filters. You can
> also customize tomcat as you noted.  Or use any of the standard
> security approaches provided by the Servlet Specification, e.g. BASIC or
> FORM authentication for your one page declared in web.xml. It's
> certainly simpler than your approach because you don't have to write ANY
> code.
>
> I'm not a big JSP expert but I think the service method has to call only
> _jspService, right away and nothing else, by the JSP spec (2.0) and
> that's why the method is final. But I'm not sure, and I didn't write
> the relevant code.
>
> Yoav Shapira


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)