I am trying to use form based authentication using cocoon. I am unsure what settings I need to have.

I have a simple application with 2 pages. One is the login page and the other is a page to submit data to a database.

The login page needs to be insecure but the other page needs to be secure.

The cocoon servlet is mapped to /servlet/*
So what could I put in my security-constaint's url-pattern to allow for this situation. If i put in /servlet/* then a user cannot get to the login page because it is secure.

Cocoon 1.8.2
JBoss-2.4.1_Tomcat-3.2.3