I'd like to do some additional work once a user has logged in - check their roles, cache data in the session etc.
Is capturing a fresh login for pre-processing usually done by notification of an HttpSession event, an attribute event (subject being added to session for example), or by other means?
Considering that a login could be sending the user to any number of different protected resource types, it makes no sense to do it programmatically (may not be a jsp page or servlet after all, and I ain't good enough to code what I need in .wav files).
Makes sense to be event-driven, or by configuring the login modules. Did I miss something? Any ideas?