> 5. There's no way for the application when using
> HtppServletRequest#authenticate to strongly indicate it wants to start a new
> dialog vs resuming/continuing an existing one.
>
> Hope this makes it more clear.
>
> Kind regards,
> Arjan Tijms
Can you give a concrete example of exactly what you mean by this? You
keep mentioning FORM auth but I am not really sure how there is any
ambiguity here? In general calling authenticate() will either result
in the login form being rendered, or the user successfully
authenticating (due to a previous auth saving the authentication
information in the session). When you post to j_security_check you
will always be authenticated, and then redirected as appropriate.
I'm not sure where in the cycle your proposed new methods would be
called, and what effect they would have?
Stuart