Finally it was easy: JDBCRealm stores the j_username and j_password as session variable and yout can get it via session.getAttribute either as JSP scriplet or as servlet. Just store it or get it through the first page after login. Sometimes it is worth studying the source code.. (here Securitytools.java). I do not know wether to store it as session variable is a slight security hole..maybe, but in Intranet environment the benefits of knowing the username and password - esp. for DB connections which are synchronized with the database access userids - is beyond security wholes. Regards Thomas
