We use a filter to cache other data about a user in the session once they have authenticated. (see http://jaffa.sourceforge.net/documentation/presentation/sessions.html or the code @ http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/jaffa/JaffaCore/source/java/o rg/jaffa/presentation/portlet/session/UserSessionFilter.java?rev=HEAD&conten t-type=text/vnd.viewcvs-markup)
As you can see if we fail to get the extra data for the user we invalidate the session, (ie log out) and redirect to an error page. If you want a more complex version of the JDBC realm to add extra clauses for security look at http://jaffa.sourceforge.net/documentation/security/web/#realm Paul Extance -----Original Message----- From: Christian J. Dechery - ACCENTURE [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 15, 2003 6:54 AM To: Tomcat Users List (E-mail) Subject: Logging off container authenticated user I finally got a FORM-based authentication from the container (in this case, Tomcat) working. But I have a little doubt, how can I logoff this user? Cuz in my system, the login doesn't deppend only on authenticating him for username and password, I must validate some other stuff, so it would be interesting if I could authenticate him, and if I could not validate the other stuff, log him off and present a message. Thanks. _______________________________ :: Christian J. Dechery :: Accenture do Brasil :: CHT - Solutions Operations :: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]