Before I dive into hacking a bunch of Tomcat source code, I would very much like to solicit the opinions of some more experienced users.
I need a form-login authorization scenario that integrates with some of my other webapps. Specifically, I need to know the username, real name and group info of the person who has logged in. I used to use Resin, and my solution was something like this: I created my own custom Authenticator class (similar to Tomcat Realms). Resin passed the HttpServletRequest to the Authenticator class. I queried a MySql database to verify login information, and then inserted some values from the database into the HttpSession of the request that was passed. That way, later on, my apps could look in the session to find out about arbitrary pieces of information I had stored about who had logged in. My initial thought was to create a custom Realm, but I don't see a way to access the HttpServletRequest that is seeking authentication. Have I missed something there? Does anyone have any other suggestions for accomplishing what I am trying to do? Is there a way to access the Principal of a given request after the user has been authenticated? Would it maybe be possible to create a custom Principal capable of storing the other properties I need? Any pointers, suggestions or ideas would be much appreciated. Also, if you know of any projects that have already done this, I'd love to check them out so I'm not reinventing the wheel. Gregg --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]