Hi, I am developing an application where there is a need for extended authentication, in addition to that of usernam/password, some additional challenge/response
Is there any way to protect a web app so that the extra parameters can be prompted for in a 'standard' way I know that I can use froms based authentication, but how do I separate the username/password validation from the forwarding of the request. Ideally I would like to validate the usernam/password, and then take the user to a subsiquent page that does additional validation. I had a look at JAAS to do this, but I cant see that this can be plugged into a web app, without redeveloping the web app to explicitly check, which rather defeats the purpose of the security system in the first place. Is there any way to do this. All that I can think of is by using a filter for all of the secure area which is processed after the security check pass, but this means a re-implementation of the facilities of the j_security_check which is hardly neat Any ideas Mike -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
