The other option is to use the 'isUserInRole()' call on request and if it's true show the logout link, else show the login link. That way you don't have to manage it.
I'm on an "I'm all about the container" kick and the more I leverage what the container provides over writing things like this myself, the more I like it. For the most part it's transparent across containers. -----Original Message----- From: QM [mailto:[EMAIL PROTECTED] Sent: Monday, October 18, 2004 10:01 PM To: Tomcat Users List Subject: Re: JDBCRealm authentication on every page On Mon, Oct 18, 2004 at 11:41:51AM -0500, Graff, David wrote: : I think, but this may need elaboration, that Deigo want's to put a "login" : box on all pages when the user has not authenticated and not show it after : login. Ah, gotcha. Instead of showing a login box, what about a login *link* that points to a landing page inside a protected area? You could control the link's presence based on a (very lightweight) session attr: if it's defined, show a "logout" link; if it's not defined, show a "login" link. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]