I searched for some time in various archives, bug databases, mailing lists etc trying to find this information but my searching basically hasn't got me far.
I want to set up container managed security to allow unencrypted sessions on protected resources, along with an SSL-based non-clear-text form-based login.
I discussed this partly with different people at different times, but was not involved (or not paying attention would be a better way to put it) when the servlet spec gurus discussed the issue.
Subsequently I have unanswered questions about the implementation of Servlet Spec 2.4, as done in tomcat5, that leave my requirement almost unattainable.
Thanks for any comments.
Adam
___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
