Howdy, >>why dont you use filters (standard) or valves (tomcat specific) >> >>filip > >It's looking like I'm going to have no choice, but I don't want to because >I want the security simple, and I want to keep the security settings for a >page in the page itself.
What happens when you have 10 pages with possibly different security policies? You should take Filip's suggestion and use filters. You can also customize tomcat as you noted. Or use any of the standard security approaches provided by the Servlet Specification, e.g. BASIC or FORM authentication for your one page declared in web.xml. It's certainly simpler than your approach because you don't have to write ANY code. I'm not a big JSP expert but I think the service method has to call only _jspService, right away and nothing else, by the JSP spec (2.0) and that's why the method is final. But I'm not sure, and I didn't write the relevant code. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
