Hi, My question is somewhat general.
BASIC authentication is well supported on web browsers, but it is not session based and there is no simple way to implement "logout". However it is great for program clients (like servlets). Form authentication looks fancier, is based on sessions, therefore a "logout" is simply a Session.invalidate(), but it is not easy for program clients to handle. Suppose some wants to write a simple servlet that "mails" another URL to the client. One way to do so is to use javax.activation.URLDataSource. However, because it works as a plain HTTP Conversation with the server (that is with itself!!), there is no way to bypass the securitiy issues invlolved. Has anyone any ideas on the matter?? ================================================================== Achilleus Mantzios S/W Engineer IT dept Dynacom Tankers Mngmt Nikis 4, Glyfada Athens 16610 Greece tel: +30-10-8981112 fax: +30-10-8981877 email: [EMAIL PROTECTED] [EMAIL PROTECTED] ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user