Hi! > A more flexible option is to use securityfilter > (http://securityfilter.sourceforge.net) to handle everything. > If you are already using spring have a look at ACEGI. It is not really easy to install, but allows you to e.g. have different login methods within the same webapp.
Regarding the principal. Remember, you can always use reflection to break into an object (given you use no securitymanager or a liberal configured one). For example, I used for a while: try { Method hasRoleMeth = principal.getClass().getMethod("hasRole", String.class); return (Boolean) hasRoleMeth.invoke(principal, role); } catch (NoSuchMethodException e) { log.error(e.getLocalizedMessage(), e); } catch (IllegalAccessException e) { log.error(e.getLocalizedMessage(), e); } catch (InvocationTargetException e) { log.error(e.getLocalizedMessage(), e); } Ciao, Mario --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]