public void valueUnbound(HttpSessionBindingEvent event) {
      if (log.isDebugEnabled()) log.debug("Logout " + _jUserName);

      if (_realm instanceof SSORealm) ((SSORealm) _realm).clearSingleSignOn(_jUserName);

      if (_realm != null && _userPrincipal != null) _realm.logout(_userPrincipal);
    }
  /**
   * Perform form authentication. Called from SecurityHandler.
   *
   * @return UserPrincipal if authenticated else null.
   */
  public Principal authenticate(
      UserRealm realm, String pathInContext, HttpRequest httpRequest, HttpResponse httpResponse)
      throws IOException {
    HttpServletRequest request = (ServletHttpRequest) httpRequest.getWrapper();
    HttpServletResponse response =
        httpResponse == null ? null : (HttpServletResponse) httpResponse.getWrapper();

    // Handle paths
    String uri = pathInContext;

    // Setup session
    HttpSession session = request.getSession(response != null);
    if (session == null) return null;

    // Handle a request for authentication.
    if (uri.substring(uri.lastIndexOf("/") + 1).startsWith(__J_SECURITY_CHECK)) {
      // Check the session object for login info.
      FormCredential form_cred = new FormCredential();
      form_cred.authenticate(
          realm,
          request.getParameter(__J_USERNAME),
          request.getParameter(__J_PASSWORD),
          httpRequest);

      String nuri = (String) session.getAttribute(__J_URI);
      if (nuri == null || nuri.length() == 0) {
        nuri = request.getContextPath();
        if (nuri.length() == 0) nuri = "/";
      }

      if (form_cred._userPrincipal != null) {
        // Authenticated OK
        if (log.isDebugEnabled()) log.debug("Form authentication OK for " + form_cred._jUserName);
        session.removeAttribute(__J_URI); // Remove popped return URI.
        httpRequest.setAuthType(SecurityConstraint.__FORM_AUTH);
        httpRequest.setAuthUser(form_cred._jUserName);
        httpRequest.setUserPrincipal(form_cred._userPrincipal);
        session.setAttribute(__J_AUTHENTICATED, form_cred);

        // Sign-on to SSO mechanism
        if (realm instanceof SSORealm) {
          ((SSORealm) realm)
              .setSingleSignOn(
                  httpRequest,
                  httpResponse,
                  form_cred._userPrincipal,
                  new Password(form_cred._jPassword));
        }

        // Redirect to original request
        if (response != null) {
          response.setContentLength(0);
          response.sendRedirect(response.encodeRedirectURL(nuri));
        }
      } else if (response != null) {
        if (log.isDebugEnabled())
          log.debug("Form authentication FAILED for " + form_cred._jUserName);
        if (_formErrorPage != null) {
          response.setContentLength(0);
          response.sendRedirect(
              response.encodeRedirectURL(URI.addPaths(request.getContextPath(), _formErrorPage)));
        } else {
          response.sendError(HttpResponse.__403_Forbidden);
        }
      }

      // Security check is always false, only true after final redirection.
      return null;
    }

    // Check if the session is already authenticated.
    FormCredential form_cred = (FormCredential) session.getAttribute(__J_AUTHENTICATED);

    if (form_cred != null) {
      // We have a form credential. Has it been distributed?
      if (form_cred._userPrincipal == null) {
        // This form_cred appears to have been distributed.  Need to reauth
        form_cred.authenticate(realm, httpRequest);

        // Sign-on to SSO mechanism
        if (form_cred._userPrincipal != null && realm instanceof SSORealm) {
          ((SSORealm) realm)
              .setSingleSignOn(
                  httpRequest,
                  httpResponse,
                  form_cred._userPrincipal,
                  new Password(form_cred._jPassword));
        }
      } else if (!realm.reauthenticate(form_cred._userPrincipal))
        // Else check that it is still authenticated.
        form_cred._userPrincipal = null;

      // If this credential is still authenticated
      if (form_cred._userPrincipal != null) {
        if (log.isDebugEnabled())
          log.debug("FORM Authenticated for " + form_cred._userPrincipal.getName());
        httpRequest.setAuthType(SecurityConstraint.__FORM_AUTH);
        httpRequest.setAuthUser(form_cred._userPrincipal.getName());
        httpRequest.setUserPrincipal(form_cred._userPrincipal);
        return form_cred._userPrincipal;
      } else session.setAttribute(__J_AUTHENTICATED, null);
    } else if (realm instanceof SSORealm) {
      // Try a single sign on.
      Credential cred = ((SSORealm) realm).getSingleSignOn(httpRequest, httpResponse);

      if (httpRequest.hasUserPrincipal()) {
        form_cred = new FormCredential();
        form_cred._userPrincipal = request.getUserPrincipal();
        form_cred._jUserName = form_cred._userPrincipal.getName();
        if (cred != null) form_cred._jPassword = cred.toString();
        if (log.isDebugEnabled()) log.debug("SSO for " + form_cred._userPrincipal);

        httpRequest.setAuthType(SecurityConstraint.__FORM_AUTH);
        session.setAttribute(__J_AUTHENTICATED, form_cred);
        return form_cred._userPrincipal;
      }
    }

    // Don't authenticate authform or errorpage
    if (isLoginOrErrorPage(pathInContext)) return SecurityConstraint.__NOBODY;

    // redirect to login page
    if (response != null) {
      if (httpRequest.getQuery() != null) uri += "?" + httpRequest.getQuery();
      session.setAttribute(
          __J_URI,
          request.getScheme()
              + "://"
              + request.getServerName()
              + ":"
              + request.getServerPort()
              + URI.addPaths(request.getContextPath(), uri));
      response.setContentLength(0);
      response.sendRedirect(
          response.encodeRedirectURL(URI.addPaths(request.getContextPath(), _formLoginPage)));
    }

    return null;
  }