I was talked into putting together a small website for a friend.
It has some features that require users to be logged in. (basic register account, login, change profile, password, and the forgot password) and some business pages that only logged in users have access to.
Can someone point me at:
some good references to implment this in my j2ee app.
lessons learned the hard way
I oddly realized that in all my years, I have never wrote the authentication part of my J2EE apps.