Chris, Thanks for all your help so far. I have the Security Filter working now (I had never used filters before, so I had a lot of reading to do), and my bespoke realm is now inheriting from SimpleSecurityRealmBase instead of Realm, and is now located in my application instead of in a jar in tomcat/server/lib). Although this still doesn't appear to give me access to the IP address. I have tried to find the FlexibleRealmInterface you mentioned, but can only find one mention of it on the entire internet, and that is in another post you made on a different mailing list. Where do I get this? Kerrin
>>> On 27/02/2008 at 14:19, in message <[EMAIL PROTECTED]>, Christopher Schultz <[EMAIL PROTECTED]> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kerrin, Kerrin Hardy wrote: | I have investigated Security Filter, and I don't see how that gives | me access to the IP address of the client. You have to implement your own Realm. If you use FlexibleRealmInterface, you have access to the entire HttpServletRequest, including things like the IP address. I have used this technique myself to do exactly as you desire. | It is upmost importance that I log the IP address of both successful | and unsuccessful logon attempts, which is why this must be done | outside the application. In any case, you will have to either hack the Tomcat authentication code or disable container-manager authentication, since Tomcat intercepts all authentication requests and your code will never have a chance. That's why I suggested sf. Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ( http://enigmail.mozdev.org/ ) iEYEARECAAYFAkfFcXsACgkQ9CaO5/Lv0PCk8wCgmedUvzj0F5anfYO8JV9bwu+i KjgAoKR4/RnUthp1naytQbIWYNT/8wa2 =xjlg -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]