Hi,
I have two questions regarding declarative security ( I use
JBoss2.4.x+Tomcat4.0 + struts1.1, on suse linux7.2 - ):
1. Is tomcat 4 supposed to be able to distinguish previously
authenticated users from unauthenticated users?
I assumed the answer to this question is yes because otherwise the
user would have to undergo the entire authentication process repeatedly
for each request that he submits within a single session.
2. Is tomcat 4 supposed to be able to do the above (i.e. remember a
user's logged-in-ness) regardless of whether his current request was to
a secured resource? (again assume requests are within the same session).
cheers
jfc
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
