Forget about all the above, it doesn't work. You will have to subclass the used Authenticator-Class (i.e. org.apache.catalina.authenticator.FormAuthenticator), create a jar from it and out this jar into server/lib of your Tomcat-Installation-directory. Then you'll have to patch catalina.jar: Inside is a file called Authentocator.properties, and you will have to exchange Tomcat's Authenticator-class with your own.
So far, so easy: Unfortunately, just subclaiing i.e. FormAuthenticaor and then do your own stuff won't work, since the coding of the authenticate()-method is spaghetti-code at it's worst: Maybe the author wanted to create security by obscurity, I don't know: I copied the whole authenticate()-method and the saveRequest()-method (which is private) and changed the saveRequest()-method like this (I'm always forwarding to "http://myContect/index.htm": private void saveRequest(HttpRequest request, Session session) { // Create and populate a SavedRequest object for this request HttpServletRequest hreq = (HttpServletRequest) request.getRequest(); SavedRequest saved = new SavedRequest(); Cookie cookies[] = hreq.getCookies(); if (cookies != null) { for (int i = 0; i < cookies.length; i++) saved.addCookie(cookies[i]); } Enumeration names = hreq.getHeaderNames(); while (names.hasMoreElements()) { String name = (String) names.nextElement(); Enumeration values = hreq.getHeaders(name); while (values.hasMoreElements()) { String value = (String) values.nextElement(); saved.addHeader(name, value); } } Enumeration locales = hreq.getLocales(); while (locales.hasMoreElements()) { Locale locale = (Locale) locales.nextElement(); saved.addLocale(locale); } Map parameters = hreq.getParameterMap(); Iterator paramNames = parameters.keySet().iterator(); while (paramNames.hasNext()) { String paramName = (String) paramNames.next(); String paramValues[] = (String[]) parameters.get(paramName); saved.addParameter(paramName, paramValues); } saved.setMethod(hreq.getMethod()); saved.setQueryString(hreq.getQueryString()); //saved.setRequestURI(hreq.getRequestURI()); String context = (hreq.getContextPath()); System.out.println (context); // IN HERE YOU WILL HAVE TO INSERT YOUR OWN FORWARD saved.setRequestURI(context + "/index.htm"); // Stash the SavedRequest in our session for later use session.setNote(Constants.FORM_REQUEST_NOTE, saved); } Somebody else in this mailinglist suggested using a valve, however, a valve is good enough to get the credentials via picking the request-parameters, but I found no way of changing the saved URL in j_security_check without subclassing and patching catalina.jar Btw., I did that for Tomcat 5.0.28 Hope that helps! Greg
