I have a jsp application and my tomcat version is 7.0.34. Authentication is done using *Form based authentication.*
My requirement is as follows: When user's account gets locked, he has to send a unlock request and he gets a link in his registered email id clicking on which takes him to unlocking page(let's say *unlock.jsp*) which has 3 fields namely*username*, *password* and *unlock_code* and a submit button. After submission, once unlocked successfully the user should land to home page of the application. Just to let you know, the main login page of the application is *login.jsp* which is configured in *web.xml *and it is called whenever any protected resource is requested. It has username and password fields and it's action is *j_security_check*. Now my problem is how to pass unlock_code, the 3rd parameter of *unlock.jsp* to *FormAuthenticator *using the action *j_security_check*? I have implementations of *authenticate* method in *LockOutRealm* where I would have liked to first check if unlock_code is not null and then if yes then would have called backend service to unlock the user first(which would have also checked the password matching part) and then would have made a call to instantiate *UserPrincipal*. I have the implementation of *getPrincipal* method in another custom realm. Is there anyway to pass other parameters apart from username and password to *FormAuthenticator*(org.apache.catalina.authenticator.FormAuthenticator)? Quick help/Any reference related to this scenario would be appreciated.
