Whilst I think everyone who writes JSPs and Servlets should read and understand the specs before they start writing any code - and for that matter before they post to the Tomcat user list ;) - this wasn't the reason I pointed you towards the servlet spec. Neither did I do it for kicks. Quite simply, the spec answers the questions you asked - see my response below.
More generally, the Servlet spec defines how a Servlet container should behave. It covers more than just the javax.serlet.* API and includes, for example, authentication. > From: B Wiley Snyder [mailto:[EMAIL PROTECTED] > There isn't a j_security_check servlet. <----- then why does > it act like one ? Because that is how the servlet spec says it should act. > The places to start are: > - servlet spec <---- if it's not a servlet why do I need to > review the > servlet spec ? Because the servlet spec defines how it works. > "Configuration is automatic if you specify FORM > authentication in your web.xml" > > my point exactly ...."configured automatically"... > > my question was is there a step by step break down of the > process involved > in authenticating a user using j_security_check ... Yes, the servlet spec. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]