Hi, I have a web application running on tomcat. there are 2 httpServlet in that web app. how can i limit user access to one of the httpServlet? I read the example application in tomcat under \tomcat\webapps\examples\jsp\security which demo form base authentication. I looked through all the property files but can't find where it defines the directory restrict access. OR the defualt dir is \protected on the same directory as JSP? i really not quite sure how it works. thanks. __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/