Joel, I wouldn't use the Security in the spec - ie don't use j_security_check servlet...
Write your own authentication mechanism that will tie into this third party. You can write a filter (as of servlet spec 2.3) that will restrict access to certain url by first redirecting them to a logon page. Does this make sense? I have written applications that do excatly what you are talking about so if it doesn't, respond with what I need to expand on. Hope I can help! Abe -----Original Message----- From: Joel Baker [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 04, 2002 11:55 PM To: [EMAIL PROTECTED] Subject: Customising the logic behind Container Authentication (j_security_check) Hi there, The webapp I'm currently developing uses the j_security_check method of authentication. That is, when authentication is required (ie: when a client tries to access a restricted resource) the client gets directed to the file specified in the <form-login-page> tag in my web.xml file - in this case this file is login.jsp. This JSP presents a form to the client whose action is j_security_check, an internal Tomcat servlet (though it is more general than Tomcat, being in the Servlet spec) that processes this response. When the user is authenticated, based on her username and password, by the j_security_check servlet she is returned to the resource she first requested. However, I am needing to set further login tokens based on the username and password given and am thus looking to somehow intercept the j_security_check servlet - ideally without rewriting it. This is because I am trying to create an authentication token for a third party web application (and thus creating single sign on as the third party web app doesn't use tomcat container authentication) at the same time as logging into the main site. If anyone has any ideas I would be, of course, very grateful. Joel Baker. -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
