Search the archive. The short answers are below. Andreas Schildbach wrote:
>Hello! > >I am using Container Based Security with the Tomcat 4.1.9 beta. >Current I have Form based Authentication configured. > >I'd like to allow the user to authenticate before he tries to access a >resource that is protected by security contraints in web.xml. > So would we all! >==> Is it possible for a Servlet/JSP to force authentication for a user >(maybe by calling a method)? > Nope. There are work-arounds though, I believe. One of them is JAAS. >I'd also like to offer a 'Logout' button to the user. > >==> Is it possible to remove the authentication other than telling the user >to close the browser? > Invalidate the session. Note that the session will not show up as invalid until the next request. In other words, don't forward from the logout, redirect from it. >Thanks, > >Andreas > Regards, Eddie -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
