I want form-based container-managed authentication on my app.
I also want to allow cookies to be disabled.
And I want to keep my JSPs under WEB-INF for security.
It seems I cannot have these 3 combined, because disabling cookies means I have to do URL rewriting in the login form action URL, therefore my login form has to be a JSP and cannot be just plain .html .
But while I do not want any JSPs outside of WEB-INF, I can't configure my login form to be in WEB-INF.
Is this true, or is there a work-around?
Thanks Adam
-- struts 1.1 + tomcat 4.1.27 + java 1.4.2 Linux 2.4.20 RH9
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
