I am pretty sure that this is true, but just to get a sanity check, do the username and password come in as parameters to the servlet as part of the ServletRequest?
-- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>