Chris Johnston wrote: > I am wondering if anyone has any links to turorials or discussion > about how to handle login, authoraization and authentication for JSP. I would recommend starting off by reading Chapter 12 of the (2.4) Servlet Spec. For many or most apps, letting the container handle it through "Declarative Security" -- defined in your web.xml file -- is appropriate. And for a good example of implementing that, see the Tomcat manager webapp (look in $CATALINA_HOME/server/webapps). That said, if you decide to roll your own approach -- Filters are way cool :-) Any situation where your initial reaction is "oh, man, do I have to put that in *every* page???" -- is a great candidate for a Filter. Use in an access control mechanism would definitely qualify. FWIW! -- Hassan Schroeder ----------------------------- hassan at webtuitive.com Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code.