I'll add my 2cents with regard to the "use servlets as controllers" and
"extend them from a base class that implements access control" method of
solving this problem. What I do is allow my base servlet class to accept
init properties like "requiresLogin=true" and "loginPage=/login.jsp",
allowing me to use the controlling servlet everywhere, even turning it on
and off at deployment time. That way, any page passing through the control
servlet can selectively be made secure.
--
Duane Fields
[EMAIL PROTECTED]
Learn JSP!: http://www.taglib.com
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
