Michael wrote:
> I feel that the user should never get a login
> page when clicking on the logout link, and should never get the logout
> page when logging in. Yet with container managed security protecting
> *.do this is exactly what happens.
Yes. The answer is to not put a security constraint around "*.do".
What I did was put a security contraint around "/s/*" and then definte my
"secure" actions with that prefix ("/s/account.change.do", "/s/login.do",
etc.). In your case, it sounds like that'd be every action except for logout,
but I had a number of other actions that I wanted accessible before login
(create new account, read marketing propaganda, etc.).
Bruce
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
