tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh G <>
Subject Simple security - or "Why is HttpJspBase.service final?"
Date Wed, 04 Feb 2004 01:23:01 GMT
Is there any reason that HttpJspBase.service() is final, apart from to make 
my life hard?

I'm trying to implement a _simple_ security system that intercepts requests 
before they get to _jspService() so that if certain conditions aren't met, 
a redirect occours instead. I don't want to use filters or anything like 
that if I can avoid it because I want it to be simple to use and I want the 
restrictions to be set in the page itself with the @page info= directive

Another thing that comes to mind, is that I assume that since service() 
simply calls _jspService(), can a browser not perform a HEAD request to a 
jsp page?

I don't particularly want to use a customised version of tomcat, even if 
the only difference is removing one "final"... is there another way to get 
around this limitation?


          "He likes to run, And then the thing with the.. person..
                ... Oh boy, that monkey is going to pay."

            [ Josh 'G' McDonald ]  --  [ Pirion Systems, Brisbane]

[ 07 3257 0490 ]  --  [ 0415 784 825 ]  --  [ ] 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message