-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David,
David Delbecq wrote: > Login form should contains only login informations (cf J2EE specs). I agree that login forms should only contain login information, but I question the J2EE spec's interpretation of what should be considered login information. Username + password is often not enough, and the servlet spec makes it completely non-portable to do anything differently. > If you want to play with customization of login form that go beyond > what is allowed by j2EE security model, just forget container > managed [authentication and authorization] and provide your own one. One such option is to use securityfilter (http://securityfilter.sourceforge.net), which allows you to (IMO) more easily write your own authentication module, including direct access to the HttpServletRequest object where you can set up some configuration information. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHYbIo9CaO5/Lv0PARAlj6AKCl2P0o7ei+ObLEj8vPMgSXeE//zgCfUrZp /VzjSHBhvfKCHkXGJrYBv8g= =FLAD -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]