I just started testing realms with the default installation that comes with Tomcat 4.0.1, so I'm using the MemoryRealm. I'm having an issue where if I place a servlet in a non-secure area and a jsp page in a secure area that I can use:
getServletContext().getRequestDispatcher(url).forward(request, response); from the servlet to seemingly bypass the security addressed by the realm and forward right into the secure area without authenticating. Can anyone tell me if this is by design, am I doing something wrong, or if this is maybe a bug. Thanks Mark T. __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
