> What are the factors involved in selecting form-based > authentication over, say, custom authentication which > can be simple to implement based on a db of registered > users who have or don't have an indicator stored > in their session(representing a login)?
One factor to favor form based authentication (or any other type of J2EE standard type authentication) is if you want to do declarative or programmatic security on your EJBs. -TPP -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>