Don, I don't think you can since <login-config> is the element that specifies what authentication mechanism to use. and it is the direct child of <web-app> and the cardinality is 0 or 1. So for a given application you can only use one authentication mechanism. Correct me if I am wrong anyone. Thanks Sean
Let me know if I am wrong but couldn't different web apps have different web.xml files? In that case, couldn't the authentication be different for these two apps? Does authentication have to be the same for two servlets in the same web app?
Authentication is to validate credentials of the client/user accessing the web-app. Once authenicated, user may be authorized to access certain resources and not others. Authentication is done once for the entire app, and each web-app would have its own web.xml to specify the Authentication method. So - I guess, I don't see a reason why servlets should care about Authentication mechanism.... [ December 06, 2002: Message edited by: Rama Raghavan ] [ December 06, 2002: Message edited by: Rama Raghavan ]