Hi Jixiang,
The Authorization module and template are not intended to secure communication, but rather to authenticate users and determine what level of application access to provide each user.
If you wish to secure communication between client and server, regardless of whether user is authenticated or not, you must configure SSL, see http://www.tersus.com/#Id=6056 for more info on this.
As you rightly figured out, the Authorization application template should be setup with the not_authenticated version, and I think your confusion in that matter is fully justifiable, so I added some clarifications regarding this to the server setup instructions (see http://www.tersus.com/#Id=242 right after the web.xml discussion).
Regards,
David
To use the full functionality of this web site, JavaScript needs to be turned on.
For best results, use the Firefox browser..
Copyright © 2003-2017 - Tersus Software Ltd., All rights reserved. Terms of Use License Graphic design by EmaraDesign