Hi, Thanks for that. I have investigated Security Filter, and I don't see how that gives me access to the IP address of the client. It is upmost importance that I log the IP address of both successful and unsuccessful logon attempts, which is why this must be done outside the application. Kerrin
>>> On 25/02/2008 at 20:44, in message <[EMAIL PROTECTED]>, Christopher Schultz >>> <[EMAIL PROTECTED]> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kerrin, Kerrin Hardy wrote: | I'm trying to create a Realm that authenticates a user and logs the | IP address they attempted from, but I am having trouble finding how I | get the IP address of the request (the Remote IP Address). This is not possible using Tomcat's existing container-managed authentication implementation. If you want something a little more flexible, you can look at SecurityFilter (http://securityfilter.sourceforge.net). Or, you can do as Mark suggests and use a Filter to log successful login attempts. Unfortunately, you will be unable to log unsuccessful attempts because IIRC Tomcat intercepts those requests before they even get to your app's code (including Filters). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ( http://enigmail.mozdev.org/ ) iEYEARECAAYFAkfDKJMACgkQ9CaO5/Lv0PCZ5QCeLh3CBpzsbMtFp3QgnJnYRn+U JYMAn3ddJFedUxowiacJqQdDyrjbBdrF =LwLN -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]