Are there plans to include built-in tools to better implement container managed security? I'm a application developer that uses *DataSourceRealm * realm authentication of Tomcat to have form-based authentication for the applications I build.... But my users have poor passwords and many of them have been using the same password for over a year and there is no built-in Tomcat subsystem to allow me to do such things as:
1) force users to change their passwords every now and then, 2) enforce some kind of complexity-requirement for the passwords users have so people are using "strong" passwords that are hard to guess. Are there plans to include built in tools like the above around the existing Container Managed Authentication features of tomcat to allow for such things as the above to be administered within the server with minimal user coding. I'm just a user and don't know much about Tomcat internals. This would be a really good improvement/feature for future releases. Ferindo -- Ferindo Middleton
