Hi, <p> My question is regarding using Tomcat (4.1.18) container security, with using a JDBCRealm along with a security constraint for FORM type loggin in. Ok, before I start confusing myself and you, let me be more clear. <p> I'm using Tomcat with win2k pro, and currently the system is running with no problems, except that I've "hotwired" the secuity mechanism using a servlet to check if a user in on the database in order to allow access along with some filters to check whether the session variables are still alive, and if not then the user is forwarded to a page in order to log in again. <p> My question now is if I use the JDBCRealm and the form login, how does that change the way users log in and access resources? I've noticed that in order for Tomcat to load the login.jsp page a user must try to access a jsp resource (I'm not sure if it works the same with HTML pages). And this works for any type of resource. The way I have the app setup right now is that if a user is logged in then he is rerouted, by a servlet to the apporpriate page (by the access level). If the session is dead, and the user is still in the app then a filter forwards the user to a "relogin" page. <p> What will I have to do in order for the j_secuity_check to get access to the user login servlet so that the users can still be taken to the appropriate page once they logged in? Also, if the session dies, does the filter forward the user to the relogin page or does the user get forwarded to the login.jsp page as specified by the <security-constraint>? I'm just not sure about how the requests are processed once I add the container security and how much will the way the user sessions are handled right now will change. <p> I thank you for your help and the time you took to read this message. I couldn't not explain it better shorter unfortunately =). <p> Lior
--------------------------------- Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month!
