It seems to me that Tomcat security realms may be a bit inflexible. It seems easy to set it up to require login for protected resources, but it seems difficult to programmatically integrate and affect login state otherwise. I would like to accomplish a couple of very common authentication scenarios and am wondering (a) if they're possible using realms and (b) if so - how would one accomplish them?
Auto Login Scenarios: 1. New Account - After a user signs up for my website and an account is present in the database, they can login. But it seems terrible to me to ask a person to login after having just created an account; they should already be logged in when they're done creating the account! 2. Remember Me - I want to give the user the option to select a "remember me" checkbox when logging in, in which case, a cookie is set locally and if the cookie is present, then the user will be automatically logged in when they return, rather than having to submit the login form. ...in both of these cases, I need the ability to programmatically log someone in; not just send them to a form-protected resource. Is this possible? Can someone explain to me how this is done? Thanks! Neal
