Hi all!

I'm going to develope for the first time a web application using JEE with Servlets, and for the user's authentication and authorization I'm going to use container-managed security, as recommended by the JEE 6 tutorial, in a typical fashion: the user presents username/password once for the login, and next he/she presents a session id within a cookie. Finally, he/she can logout.

My question is: is it possible to achieve that only with declarative security, or am I forced to use programmatic security?

Thanks in advance!