> I am using <auth-method>Form
> Can I have more then one protected area? can I assign to different
users
> different protected area?
> maybe if I define more then one <security-constraint>?
As I understand it, you can have more than one <security-constraint>,
and you could put a different <auth-constraint> in each one.
What *I* find troubling is that <login-config> is defined *outside* of
<security-constraint>, which I'm taking to mean that you can only have
one type of authentication per webapp as opposed to being able to
specify different login methods depending upon which part of the webapp
you're trying to get to.
> security per page: How can I define permission for HTML or JSP page?
Use <url-pattern> in <web-resource-collection>. You can probably make it
as specific as a single page.
- Joe
