Hi Vadim, I've spent the morning reading through the servlet specification and only found the well known Request class that will give me the user (getRemoteUser()) after they have already been authenticated. Can't find anything about actually getting the browser to present the username/password challenge.
I'm guessing that I need to get hold of some tomcat class from within my custom cocoon classes that allows me to specify realms, and provide authentication info for validating users. Can anyone think of any of the classes involved to narrow my search? I'm guessing that this has been done perhaps a million or two times before, so I'm wondering why it's so hard to find examples or why no-one seems to know how to do it. It seems like a classic case to be included in the cocoon examples. There is a protected area example but it's really just another form example. Perhaps the protected area example in cocoon could be updated to demonstrate basic realm authentication. I've had to implement this kind of thing once before using 'jigsaw' but jigsaw's internal security was specific to jigsaw so its no help to me now, worse luck. :) Still, I'm guessing that it will be something similar in tomcat. If there's someone who has achieved basic realm authentication from within cocoon, is it possible to get an example or some advice on which API to look at? Thanks again. Have fun, Phil --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faqs.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>