Gregor Schneider wrote:
Well, subclassing FormAuthenticator would be a hack, a Tomcat-only-solution and inho a bad one.therefore, take a look at JAASRealm and try to combine it with your existing login-procedure, meaning - Implement a JAASRealm - get the credentials from there (user, password) - do the JAAS-Authentication via Tomcat - if ok, call your stored procedure - if that returns ok, fine, otherwise invalidate the Session and react accordinglyThat's just a rough schema, but it's a start to give you one or two thoughts.BTW.m JAAS is not Tomcat-specific since JAAS is a Java-API which all servlet-containers implement (at least all the important ones, afaik): http://en.wikipedia.org/wiki/Java_Authentication_and_Authorization_Service hth gregor
I was halfway through writing an almost identical answer, but I shall instead just add: I concur.
p
smime.p7s
Description: S/MIME Cryptographic Signature