All, Im in the process of re-engineering an application and I am focusing on how to implement the security. The current application uses a combination of security checks within the action classes and jsp custom tags based upon a user session object. After reading more about the form-based security provided by J2EE compliant app servers however, I am thinking that server based security is a more robust solution. Im curious how other developers are approaching security. If you are using application server managed security, have you run into any limitations, or has it been a better approach than a custom solution? Thanks,
Pete Serafin -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
