Or in fact anybody who's not busy discussing why nobody discusses anything on this list.... ;)
All I want to know, and I can find it despite looking all over the net and asking on tomcat-user & tomcat-dev & struts-user as a couple of people already recommended, is:
I want to set up container managed security to allow unencrypted sessions on protected resources, along with an SSL-based non-clear-text form-based login.
It is not possible without a major major work-around involving storing flags in the DB (as of servlet 2.4).
Anyone?
___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
