Take a look at Acegi Security for Spring Framework, http://acegisecurity.org/
It is a complete, container non-specific framework. The web part of it is configured as a filter (a chain of filters) in your web.xml. The SecurityContextHolderAwareRequestFilter class there publishes acegi-specific security context into HttpRequest, so that the principal is available as request.getPrincipal(), etc. You may start by running the examples available there. Although I have never tried to configure it without Spring Framework, but it nevertheless may be worth looking at. -- Best regards, Konstantin --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]