AFAIK, no, there is no way to do it. Here at work we've built a whole security framework that works hand-in-hand with J2EE security, specifically to deal with shortcomings just like this.
In our framework, we have a filter who has a couple of functions, and one of them is exactly what you describe. Since j_security_check is nothing but a servlet that a request is redirected to when intercepted, you still have the opportunity to have a filter fire, so you can grab j_username and j_password if you wish and stick them in session (assuming it is created already... you may have set things up to not have a session at that point). -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, August 1, 2005 9:04 am, Chris Holden said: > Hi, I am using the built in security constraints to password protect some > directories in my app. It works fine, but I was wondering when someone > uses the login form to get to the passworded directory or page, is it > possible to get the username and/or password that the user submits in the > j_security_check form? I'd like to be able to set a cookie or session > variable with the persons username in after they log in so the next time > they come back to the site they see a personalised greeting kind of thing. > > I've tried printing out all request attributes/parameters, session > variables and cookies after and before login but apart from the sessionid > there isnt anything set. > > Does anyone know how to do what I want? > > > Cheers, > > Chris. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]