We've been using J2EE based security for some time now, its working great for us supporting several hundred users distributed across a handful of servers.
Heres my issue - I have a set of things that happen on every page, a portion of which is looking for a 'new' login which then launches a series of things including doing database lookups, dropping stuff in the session, etc. Its occured to me that it would be significantly more effective if this was chained off the J2EE authentication, instead of checking on each page. I started looking into it and it looks like 1) its not part of the spec and 2) Orion has no specific implementation. The current implementation of J2EE security is so completely handled by the container that theres no way to get something in there. I then started going down the question of 'what is J2EE security except a filter?', so I could potentially chain a filter through there? It doesn't solve the problem because it still happens on each page hit. Anyone have any ideas on the best way to do 'postprocessing' when the user is authenticated?
