-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gregor,
Gregor Schneider wrote: > The only options I'm having seem to be > > - subclass FormAuthenticator and patch Tomcat Agreed: yuk. > - use a JAAS-implementation, but I got no Idea if this will work, > besides, you'll have to deal with the JAAS-implementation (i.e. > JGuard, JOSS etc.) which again means to spend quite some time to > understand and customize them. > > In Websphere f.e. you can use a filter, filtering "j_securitx_check" > and then manipulate request / response, however, that does not work > within Tomcat. > > A valve would work, but I doupt that I can modify request / response > in such a valve. You probably can do this, but this is not particularly ideal. You could also use securityfilter (http://securityfilter.sourceforge.net), which is a bit more hackable than Tomcat itself. sf has a feature which allows you to override the URL that gets saved when a user is challenged for a login. Instead of going to the original URL, they are sent to the other URL after login, which sounds like it's exactly what you want. You'll need to get a copy from CVS, because this feature is not yet in any release version -- though the code is quite stable. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjFpxIACgkQ9CaO5/Lv0PC8fACguStHhvitjrUdgqawtad67Q0K rcMAn0ypQrcyiPU2m/ERG/7MCeayMh3Y =yEjI -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]