-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eugen,
Eugen Stoianovici wrote: > Since I can't intercept the login form (which goes to j_security_check) > where should i put the code for setting those session values? Ah, but you can intercept it! You just need to think outside the container. Or, inside, rather. Use a filter with logic like this: public void doFilter(...) { Principal p = request.getPrincipal(); HttpSession session = request.getSession(); Object mySessionObj = session.getAttribute("my_session_key"); if(null != p && null == mySessionObj) { // There is a Principal (valid login) who has not been set up. // TODO: retrieve whatever objects you need to stick in // the session. mySessionObj = ...; session.setAttribute("my_session_key", mySessionObj); } } I myself use a filter like this, and it works just fine. I hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGwdLj9CaO5/Lv0PARAtUKAJ49aG9OFCmlLfiwElOIqilRWgxLWACgmAph QrsIbkd6e1CykySOfx+sfPQ= =WzPF -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]