I've seen the proposal of Andy Flury about Basic Auth, but i don't understand how it will integrate in Jetspeed arch. I think that if i define a screen that i'd like to protect of type Login, any page i get will ask me for auth, due to WWW-auth Basic header. To get out of that i have to define screen (data.setScreen) on the fly, during the execution of an action, which have to be invoked throught some link which must have an action.
Why don't rely on the servlet container (TOMCAT or the one you use) for authentication and let the portal manage authorization? Any comment is welcome... William --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
