Hello, I'm novice with Tomcat. I'm currently developing an application with access control based on forms (<auth-method>FORM</auth-method> in the web.xml) and on declarative security with a JDBC realm. I use the MVC model with servlets redirecting to jsp pages with (forward method of a RequestDispatcher). I understand that this security model does not apply to pages accessed by means of a RequestDispatcher. Then I wouldlike to know if there is a way to implement the following workflow: 1/ The web user opens a registration form (outside the secure area) to sign-in. 2/ A servlet respond to the request on form submission, create the user data in the database (giving access to the user) 3/ The servlet redirects directly the user to a page within the "secure area" and since this page is secured, the user is automatically asked for login info (via the login form declared in the <login-config> part of the web.xml) For the moment, what I get is: #1 and #2 are done correctly, then the RequestDispatcher send me to the secured page without asking for login. Thanks in advance!! Eric
--------------------------------- Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time.
