I have been debating the best way to authenticate users on our web app. The app is a Model 2 style servlet/jsp app with EJBs on the backend (AKA Java Blueprints). Our site has material that is graded for different levels of access. Our security needs are as follows. public access (Anonymous) Authenticated Access A Authenticated Access B Authenticated Access C Authenticated Access D Authenticated Access E Members of group B can see any public info and any info graded as A or B Members of group C can see public, A, B, or C info and so on... Think of the info as being classified (though it is not) as public, confidential, secret, top-secret, compartmented, etc. What is the best way to authenticate our web users? JNDI RDMBS (Oracle or SQL Anywhere) Other We would like the solution to be a single-sign-on solution and I have access to a copy of Netscape's Directory (LDAP) server (version 4.1) We have not yet chosen an EJB/Servlet/JSP container. Dave Bolt ATSC/SPAWAR ASAT Team Bolt's Law of Bandwidth - There is always plenty of network bandwidth, just none for you. =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets