Dear Joanne, String username = request.getRemoteUser();
That does the trick for me. As far as the password, this is what I do. Protect a servlet or jsp(lets say /login) where you want to get the vital information from within your web.xml. Since you have already used form-based authorization...you know how to do this. Lets say the servlet is /login, from within the post (because all processing of form-based stuff is post) processing, you can do this: String username = request.getRemoteUser(); String password = request.getParameter("j_password"); And then you can do stuff with this (for example, encrypt the password and username, and create some authorization cookies). After you do stuff, you can forward to other protected resources. This is all assuming you already have a user. If you want to programatically create a user, you use the roleManager interface to do this (by using roleManager, you can change your usermanager later without having to change any code). RoleManager manager = (RoleManager)new InitialContext().lookup("java:comp/RoleManager"); Principal principal = manager.createPrincipal(username,password,....) you can also add principals to various roles with manager.addToRole(principal,role); or remove from role manager.removeFromRole(principal,role); You can even programatically log somebody in... manager.login(username,password); or even remove the user manager.remove(principal); Its really quite flexible. A little like JAAS, but easier to use. Regards, the elephantwalker www.elephantwalker.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Christian, Joanne Sent: Wednesday, February 06, 2002 9:30 AM To: Orion-Interest Subject: Username and Password HI All, I'm new to J2EE and Orion. I have set up form-based authorization using DataSourceUserManager. Super! >From my initial jsp and/or servlet (not the login page), I would like to access the username of the person who just logged in. How can I do this? I have tried to get attributes from the ServletContext an the session. I have also tried various other things I'd rather not mention . . . So: How can I access the values of j_username and j_password once the user has been logged in? Also, where and what is j_security_check? Thanks, Joanne