Is there an argument to be made for/against checking for authentication in every JSP? Maybe via a custom tag or some such thing.
The argument that I am hearing is that it is useful to show different content based on the user authentication state.
If I use a filter or container managed security that means I can protect a set of directories and JSP's in them, but I cannot provide different versions of the same JSP based on the user auth state.