Greetings, I wanted to offer some code if anyone is interested. I have seen many discuss security on archives and wanted to offer an alternative to container managed security.
I spent some time weighing out whether to use container managed security or not and came to the conclusion that I would use a filter for security. There were several inflexibilities in the spec for container managed security. I wrote a security filter that functions very similar to container managed security. It has an xml config file that is used to protect urls. There are a few differences in the config and how you define protected areas and where you are directed. Basically there are three areas of greater flexibility. 1) you can define several security-constraint groups with different login pages. 2) you can login easily without having to hit a secure page first 3) you can set up an app specific security realm. (This can also be considered a limitation if you are maintaining cross context security, but you could easily tie into a larger security system if this is needed) Anyways, it is not the "standard" but it functions well and gives greater freedom. I found container managed security to be a greater "hack" job when I wanted to accomplish my goals. If anybody is interested I can post it for review. It is certainly not mature and the code is fit for my current situation with an eye to greater flexibility. I think that it could provide a good starting point for a cross-container simple alternate solution to the current container managed security. P.S. I have to improve the documentation :-) Thanks for your time, Brandon Goodin Phase Web and Multimedia P (406) 862-2245 F (406) 862-0354 [EMAIL PROTECTED] http://www.phase.ws -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>