This is actually the 2nd part of a question I posted in the Resin forum and it was really a toss up between JSP and Servlets, so I flipped a coin.... When developing Web Apps that you hope to deploy to any App Server adhering to the J2EE specs, is it better to develop your own authentication methods or is it better to use the App Servers authentication/authorization and just provide implementations/configs for every app server? Basically, I am only speaking of logging into a web app using Forms authentication or Basic authentication. I am not talking about SSL. Thanks.