Frank Beck

Hopefully, this is the right forum and there is no thread on this already (I did a search).
We have developed simple "services" using servlets that query databases based on supplied parameters and return relevant data in XML format. The servlets run under WAS on a Solaris box. The clients of the services will be web application (mostly ASP and CF on NT boxes). We have taken the simply approach of locking down access to some of the services by the requesting IP address, but we want the ability to lock down access by the requesting application. That is there may be multiple web applications on a given server, but we want to limit access to a given service by the requesting application. Anyone have the answer or any ideas? Thanks!

Thanks! Sorry I didn't look for the threads before posting.

When should a HTTPSessionBindingListener be used instead of a HTTPSessionAttributeListener? I am sure I am missing something - I did look over the specs and JavaDocs. Is the binding listener based on the deprecated value methods? Thanks!

When should the HttpSessionBindingListener be used versus the HttpSessionAttributeListener? I know I am missing something, but the two listeners seem somewhat repetitive. Is the Binding Listener based on the deprecated Value methods? I probably missed it but I have looked at the JavaDocs, the O'Reilly tutorial, and the Specs over the last couple of weeks. Thanks!