On Thu, Apr 01, 2004 at 04:38:49PM +0200, Malcolm Warren wrote: : With BASIC authorization, which I used to use, the browser was sent an : "Authorization" header. : : This doesn't happen with FORM-based authorization. : I believe Tomcat deals with it all, but how? Anybody know?
Not sure I understand your question -- with FORM-based auth: - the container detects an attempt to access a protected resource - container sends requestor to designated form page, which posts to the blackbox "j_security_check" - success => user is taken to originally-requested page - failure => user is taken designated "no-go" page Is that the answer to your question? btw, please start new threads for new topics -- replying to an old message plays hell with thread-aware mail readers, even if you change the subject. ;) -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]