Well, the source for Tomcat is open and available, and there is already a class that authenticates against a database (org.apache.tomcat.request.JDBCRealm) that seems like it would probably be a good basis for whatever you are trying to do that it doesn't. To get the source, you can either use CVS to get the current source, or the I believe there are src bundles of each release available where you downloaded Tomcat. Randy -----Original Message----- From: Geoff Taylor [mailto:geoff@smartjsp.com] Sent: Thursday, February 01, 2001 10:04 AM To: tomcat-user@jakarta.apache.org Subject: Custom authentication mechanism in Tomcat? Hi, I'd like to implement a custom authentication mechanism for Tomcat. How should I go about it? OK, so that's a huge question. I'll try and be a bit more specific: I'd like to be able to authenticate users against a database. I'm not afraid of writing the code to do all this, but I'd like to get it right instead of heading off in the wrong direction. At the minute it works as a Filter, but that doesn't allow you to use roles or security constraints. So I suppose the question is how do I hook the user authentication code I already have into the server so it's called to authenticate s. Or something. Sorry if this has been asked before, or if the answer's in some obvious place. I really have looked around, I just haven't been able to find anything relevant. So, any pointers/clues/hints out there? Many thanks, Geoff --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional commands, email: tomcat-user-help@jakarta.apache.org