[EMAIL PROTECTED] wrote:
I'm currently working on a web app which will be available publicly. In the past I've secured my webapp using Tomcat's form based security. This works fine if you require a user to log in as soon as the webapp is initiated (as is the case with most internal web apps). However, with my current webapp there is definitely a need for browsing before creating a user id. How can I organize my webapp so that some of the content is available to anybody, but other parts can only be done when the user logs in? This may also be tied into when to use http and when to use https. Any hints or links are welcome.
You can limit the resources that are protected by container managed authentication in the deployment descriptor. Whichever Action requires authentication, just make sure that you've specified it as requiring such in the web.xml.
Erik
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
