Hello: I am confused about how I can get users to authenticate themselves before accessing a servlet in my web application. I tried to look at th archive of this list, but the search function is broken. Therefore, I have been reading the servlet 2.3 specification and added the following lines to my application's web.xml file: <security-role> <role-name>admin</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>AdminServlet</web-resource-name> <url-pattern>/videosearch/servlet/AdminServlet</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> But, when I visit /videosearch/servlet/AdminServlet, I get the result from the servlet without it asking for a login. Also, I dont understand how I can set-up the password. Any guidance would really help. Thanks, Neil. -- Neil Aggarwal JAMM Consulting, Inc. -- (972) 612-6056, http://www.JAMMConsulting.com Custom Internet Development -- Java, JSP, servlets, databases