Now I'd like to create a 2nd login-page, which protects exactly the same sites, but the fields should be diffenet, i.e. instead of using username and password, the user should be able to login using his lastname, birthday, mail address and password
The table which contains those information has also the column containing the username, e.g
USER_INFO: username - lastname - birthday - email
My questions are: - is it still possible to implement this kind of 2nd login page while the standard tomcat mechanism is activated (any round-way or forwarding possible?) -if yes, could you please provide a simple example for this?
Tomcat's standard (container-managed) security is defined by the J2EE standard. Unfortunately, that standard is not very flexible. It diverts URL requests to a standard channel which implements both the controller and model for the login process. The login model contains only a userID and password which are passed to the internal authentication mechanism - which in Tomcat is called a Realm.
For this reason, the straight container-managed security mechanism isn't well-suited for systems where the method of signon varies from straight userid/password. On the other hand, the reason that userID/password is so popular is that users have shown a remarkable ability to get confused by anything more complicated. Plus, when you're designing portals and other complex single-signon systems, it keeps everything to a common denominator.
For an alternative signon system, you have 2 choices. You can either forgo standard security or you can augment it.
If you forgo standard security, you lose a lot of benefits. Including the fact that you'll have to write and debug all your own security code.
Augmenting standard security is not trivial, however, since you're going to have to plug into places where normally things are done for you. You can, for example, implement the alternative credentials as a form, but you can't just submit the form, since the container will recurse you right back into the signon framework. You'll probably have to create a custom Tomcat Realm. That isn't hard, but it does require a little expertise, since you're effectively modifying Tomcat itself.
Custom Tomcat Realms aren't adaptable to other containers, so if you want to port to WebLogic, you'll have to recreate the functions as a WebLogic Realm. And at the end of the process, you're going to have to convert the custom credentials to standard ones, since the container-based security is dependent on having the framework construct a Principal containing the userId which can be used to determine the user's container Roles.
An IDE is no substitute for an Intelligent Developer.