Sonja, You are confusing container managed authentication with application managed authentication. The "j_security_check" resource is defined by the Java Servlet spec. as a resource that must be made available to applications to provide conainer managed (form-based) authentication. It can not be replaced. Please see JBoss server guide http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html[/url] and [url]http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossSX on how to set up container managed security in JBoss/Tomcat.
That said, you have described application managed authentication. Creating a LoginContext, and authenticating a user in your application is perfectly acceptable. However, the result then is only known to, and must be managed by your application. You can not then hand the result over to the conatainer to manage. good luck, cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3953276#3953276 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3953276 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
