-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel,
On 8/14/2009 2:24 PM, Daniel Stephens wrote: > For Security reasons, > We need to do logging for IP,username, etc(AUDIT). > We need to log success and failed attempts. > We don't want to modify the internal classes(unless it's impossible). Tomcat cannot do this out of the box, which is why we switched to securityfilter (http://securityfilter.sourceforge.net/). If you write your own Realm, you can do anything you want with the database. If you get the current CVS head, you can also get access to the request that performs the authentication, so you can write things like error messages (or tokens) into the request attributes for later display. Yes, the CVS head is safe to use :) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqSqSEACgkQ9CaO5/Lv0PAHawCfbLq1ZZVOgK/8QcH4Vfx4ZFjc Z24An2YhOhbEs8mENrLwzeusIuYmmNUo =DXsR -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org