I searched for some time in various archives, bug databases, mailing
lists etc trying to find this information but my searching basically
hasn't got me far.

I want to set up container managed security to allow unencrypted
sessions on protected resources, along with an SSL-based non-clear-text
form-based login.

I discussed this partly with different people at different times, but
was not involved (or not paying attention would be a better way to put
it) when the servlet spec gurus discussed the issue.

Subsequently I have unanswered questions about the implementation of
Servlet Spec 2.4, as done in tomcat5, that leave my requirement almost
unattainable.

Thanks for any comments.

Adam

___________________________________________________________________________
To unsubscribe, send email to listserv@(protected)
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html