"niwhsa" wrote : Why dont you put a servlet filter for the j_security_check servlet in your web.xml. In the filter code, you will have access to the request object from where you can read j_username and store it in the session. This would be the easiest way of doing this without tampering with the app server code.
read this http://wiki.jboss.org/wiki/Wiki.jsp?page=CustomizingSecurityUsingValves and you'll have the answers you are looking for. If you don't like having jboss classes configured in your project, you may define your own valve extendig the tomcat native one Cheers View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3891755#3891755 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3891755 ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user