Thanks for the quick response. I think I get where your comming from but if the container security kicks in before my filter won't that force me to authenticate twice, once for the say the FORM authentication and then again when my fiter does not find a valid sessionid?
Or are you saying it is possible to write a custom login module that will authenticate the user (say like the DatabaseLoginModule) and somehow add the sessionid to the request, then my access control filter won't grumble and I get a security context for my request, if this is option is possible that would be great, but where do I start? <a href="http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3825743#3825743";>View the original post</a> <a href="http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3825743>Reply to the post</a> ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
