Hugo Palma wrote: > I think the fastest way to achieve what you need would be to use > declarative > security(in the web.xml) together with friendly URLs.
Ok. I've done it differently. As I don't want to rely on page urls (whether friendly or not) I've implemented simple authentication page validator. It is registered on particular pages and does the following: 1) If user sent 'Authorization' header, decode auth details and check if they're OK. If yes go to 4. If not go to 3. 2) If no 'Authorization' header found - go to 3; 3) Sent 401 server challenge with 'WWW-Authentication' header; Redirect to "authentication required" page. Fast and simple :-) Not super secure, but that is not what I needed. This could be improved with failed login counter to break the loop :-) Regards, Bernard --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]