I've suggested a patch to issues.apache.org which might be helpful if Sid wants to implement his own Valve.
My patch is a new valve, which diverts the call to a pre-defined URL if j_security_check is called (I had to circumvent the fact that after j_security_check Tomcat is always forwarding to the last request being stored - that doesn't work when dealing i.e. with frames. The benefit for the OP: Since it's a Valve, it's pretty easy to evaluate the url originally requested - not sure, if the parameters are in there but I believe so. Since this Valve is pretty straight forward and lean, it shouldn't be a problem to adapt it so that it might meet Sid's needs. You can find the patch here: https://issues.apache.org/bugzilla/show_bug.cgi?id=46902 Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org