Hi, I have been working with servlets & jsp since one year maybe, and I have been used to kinds of authentication:
1) Through the web server; eg: Apache Web Server access files: .htaccess, .htpasswd. 2) A bean installed in any jsp or servlet with a session scope that forward to the authentication page if the session bean variable login is equal to null if not, go ahead: <jsp:useBean scope="session" name="client" class="someClass"/> <%if client.login==null {%> <jsp:forwad page="authenticate.jsp"/> <%}%> But as you already know and I consider, both method are not really good but it fixed my problems for a while, so, I heard about Realm and so on. May someone introduce me a litle bit more about authentication's methods ? Thanks in advanced for the answers, Guido.