I've had similar demands :). Since under this case, the validating servlet must be outside of any security-constraints, if the user is successfully validated it stores the Principal in as a well-known attribute in the Session. You then write a simple (Context-level) Valve that queries the session for this value, and if non-null, calls the setUserPrincipal on the HttpRequest with this value.
Of course, this makes your system dependent on Tomcat, and can't be easily ported to any other servlet-container. "Juergen Weber" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, > > we have a portal. Now the marketing people want that > on the portal page be a form with user and password > field. After submitting the user should be logged in. > > First this looked like a very easy to do feature. > > We use container managed security to protect some > pages. > > So submitting the above mentioned form should simply > authenticate the user with the container. > > As simple as that seems, I cannot find any way to do > this via the servlet API. > > Two posts by Craig R. McClanahan > > (http://archives.apache.org/eyebrowse/ReadMsg?[EMAIL PROTECTED] pache.org&msgId=297658 > and > http://archives.apache.org/eyebrowse/ReadMsg?[EMAIL PROTECTED] ache.org&msgId=297211) > > suggest, that this is in fact not possible. > > If that is indeed the case, this is a big deficiency > of the servlet specification. > > Or is there another solution? > > Thank you, > Juergen > > > __________________________________________________ > Do you Yahoo!? > Yahoo! Web Hosting - Let the expert host your site > http://webhosting.yahoo.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>