On page 120 of the servlet spec., it is stated referring to the <form-login-page> element in the <security-constraint> section of an application's web.xml: ~ The form-login-page element defines the location in the web app where the page that can be used for login can be found. The path begins with a leading / and is interpreted relative to the root of the WAR. ~ How could you then specify a different (virtual) host accepting only https connections, that would authenticate the user and then somehow communicate to the particular webapp Sec Realm so the user is authenticated? ~ I think the supposed login page could redirect to that host's login page, but how could that virtual host redirect back to the regular pages? ~ How do some sites out there implement something similar to this? ~ thanks lbrtchx
--------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]