On Fri, Apr 9, 2021 at 7:48 AM Tim K <tim.k.5...@gmail.com> wrote: > As mentioned in that url, doing a pre-login of sorts before calling > HttpServletRequest.login() may be a workaround to accomplish this, but > then I would need to call my backend authentication service twice for > each login. > > -Tim
I've been looking into this further. Is it possible to completely disable or change the URL for the "j_security_check" to something else while still keeping form-login? I want to write my own servlet to perform the login via HttpServletRequest.login() instead of putting the password verification logic in the realm so that I have scope to the request to display custom error messages back to the user. I'll want the realm to be very generic, almost just creating a Principle for anything that hits it, but I want to ensure my custom login is the only thing that performs the login() for obvious reasons. -Tim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
