I was looking through Craig McClanahan's excellent JavaOne BoF on Security (http://servlet.java.sun.com/javaone/conf/bofs/1291/0-sf2001.jsp) and had a question. He notes on slide 17 that using a role called "*" will allow anyone access to this constraint as long as they can be authenticated by the server. My question is this: Is this part of the 2.2 or 2.3 specification? I can't find it in either and I can't get it to work in a couple of containers that I have lying around (Jrun 3.0, 3.1 and Orion 1.4.2). Does anyone have any ideas or should i just snag Tomcat 4? mark ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
