You can setup a custom login screen and set it up in the tomcat. I am doing
it. and you can access the username and password from session variables
j_username and j_password. also you can access requested link from session.
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LogIn</form-login-page>
<form-error-page>/LogIn</form-error-page>
</form-login-config>
</login-config>
I like the tomcat login module because it is transparent. I guess you check
the role, roleGroup and set response.sendError(401,..) to redirect user back
to login page if he/she does not have enough previlages.
did I miss anything here??
anil
pete wrote:
> Sure, one is that i want custom login screens, another is that we store
> all our authentication details centrally and query for them via an XML
> data service.
>
> Various user and domain-specific data, including user preferences,roles
> etc. is stored in this repository, not just 'yes, this user has blanket
> access to the site'.
>
> Our permissions-management tools are all written to work with this, so i
> have an existing system i must fit my tomcat-based solutions into here.
>
> I do use tomcat's basic authentication facilities for some unrelated
> services, but for us it makes a lot of sense to centralize
> authentication and preference data this way.
>
