Yes, this is what we have found. Therefore, we have created our own by revealing several request methods through the facade. This works great for us, but doesn't lend itself to sites that host for multiple organizations.

Since this is very useful for complex web sites, I would consider submitting some work in this area if I could get some input from the team. The proposed method would reside in the request facade (?), i.e. request.assertPageAuth(pathToCheck). Along with this, the ability to authenticate/authorize is necessary, which I have also implemented in my servlet container.

Who on the team is working in this area and would be willing to help or give some useful design input?

Charlie

>>> [EMAIL PROTECTED] 11/28/00 03:42PM >>>
Charlie Hinson wrote:
> Is there an easy way to tell if a page is going to require
> authentication/authorization before it is dynamically included within a jsp/servlet?
>
> Charlie

If you are using container-managed security, pages that are included (with <jsp:include> or RequestDispatcher.include()) do not have security constraints applied against them. The servlet container only looks at the request URI of the original request to decide what security constraint to apply.

If you are managing security inside your own application, the answer to this question is totally dependent on your application.

Craig McClanahan
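
Because the container evaluates security constraints only against the original request URI, an application that includes protected fragments has to repeat the role check itself before dispatching. The guard below is an added example, not code from either poster or from any servlet container; the class name `GuardedInclude` and its prefix-to-role table are hypothetical, and only standard Servlet API calls are used.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical helper: re-applies role checks that the container skips on include(). */
public final class GuardedInclude {
    // Constructed sample policy: context-relative path prefix -> role required to include it.
    private final Map<String, String> requiredRoles = new LinkedHashMap<>();

    public GuardedInclude() {
        requiredRoles.put("/admin/", "admin");
        requiredRoles.put("/reports/", "auditor");
    }

    /** Returns the role needed for path, or null if the path is unprotected. */
    String roleFor(String path) {
        String best = null, role = null;
        for (Map.Entry<String, String> e : requiredRoles.entrySet()) {
            String prefix = e.getKey();
            // Longest matching prefix wins, so a nested rule overrides its parent.
            if (path.startsWith(prefix) && (best == null || prefix.length() > best.length())) {
                best = prefix;
                role = e.getValue();
            }
        }
        return role;
    }

    /** Includes path only if the user of the original request holds the required role. */
    public boolean include(HttpServletRequest req, HttpServletResponse resp, String path)
            throws ServletException, IOException {
        // Refuse paths that could slip past the prefix match.
        if (path == null || !path.startsWith("/") || path.contains("..")) {
            return false;
        }
        String role = roleFor(path);
        if (role != null && (req.getRemoteUser() == null || !req.isUserInRole(role))) {
            return false; // caller decides: omit the fragment or send 403
        }
        RequestDispatcher rd = req.getRequestDispatcher(path);
        if (rd == null) {
            return false;
        }
        rd.include(req, resp);
        return true;
    }
}
```

The role table has to be kept in step with the `security-constraint` entries in `web.xml`, since the two are evaluated independently.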