This requires a custom interaction between either the login module or the tomcat valve to propagate the login failure reason to the app code. There is no standard fow HOW authentication is integrated into the web container, and therefore its a boolean pass/fail event as far as the standard apis go.
Thanks. That sounds like a lot of work for little gain. I guess the database is reliable.