well, we can't tell you the whole desigh of your_app-to-be but gave you some starting-points. now it's up to you to use them.
however, i do not see any sense at all passing more tha two credentials (user, pass) to authenticate.... therefore, i suggest first thing you should do is to re-think the design of your application. what i'm trying to tell you is the following: - authenticate via tomcat with user/pass - when this is ok, get additional credentials (i.e. banking-pin or whatsoever), call your stored-procedure - when this call is ok, everything is fine, go ahead - if the call fails, invalidate tomcat's session, kicking the user out hope you get the idea and i got you right cheers gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
