Hi,
My question is somewhat general.
BASIC authentication is well supported on web browsers, but it is
not session based and there is no simple way to implement "logout".
However it is great for program clients (like servlets).
Form authentication looks fancier, is based on sessions, therefore
a "logout" is simply a Session.invalidate(), but it is not easy
for program clients to handle.
Suppose some wants to write a simple servlet that "mails" another URL
to the client.
One way to do so is to use javax.activation.URLDataSource.
However, because it works as a plain HTTP Conversation with the server
(that is with itself!!), there is no way to bypass the securitiy issues invlolved.
Has anyone any ideas on the matter??