> > 1. From what I read here, I saw that I should probably use > the FORM auth > > method, and that this page should not use any of the Struts tags. Is > > that right? > > It is best to use the FORM authentication because you can encrypt it > with SSL - otherwise your users' passwords will go over the > net in plain > text. > > I haven't tried using struts tags in the login form. From what Craig > said late yesterday about the login form (do a search on > j_security), it > is best to view it as totally seperate from your application - > essentially part of the container. > > >
Using filters from the servlet 2.3 specifications is a very nice way to manage auth/auth constraints. Since you can manage filters however you like, you can easily implement different levels of authorization for different parts of your site. Struts tags work fine in a login form however you get to it.