Hello, Orion 0.8.3, JSP If a <security-constraint> is placed on a url pattern in <web-app>, I have found that the form based login mechanism works correctly when the particular url is requested directly. However, if I create a page that's url is not within the <security-constraint> url pattern, and then inside this page, I forward the request to another jsp page that would fall under the above mentioned <security-constraint>, the login mechanism does not kick in. Access is granted to the page without request for login. I am assuming that the security mechanism checks the url that is inside of the http request, and therefore may not know that the request is being forwarded. It would be nice if the security code could also be added to the forwarding modules. Thanks! Evan Vaala
