-
1. 3762617
jpoley Jan 27, 2003 10:00 PM (in response to super4712)since you can't share http session state between webapps, you should use an EJB (entity bean) that can be accessed from both, and you can use a browser cookie (provided both webapps are in same dns domain) to determine if they are logged on, (and if that special, encrypted cookie exists, then you fetch the ejb from either app)
-jp -
2. Re: multiple war applications - single sign on
fsl Mar 27, 2003 12:31 PM (in response to super4712)You are plain wrong. The servlet 2.3 and j2ee 1.3 specs states that a web container should provide for single sign-on between multiple WARs that use form based authentication. Security contexts have nothing to do with session contexts.
if you use jboss-tomcat, you have to change the tomcat-service*.xml to configure a Valve that enables single signon. There's a bug report filled on this (looks like only when Tomcat is inside jboss) so I guess it won't work but it should.
If you use jetty, you are in bad luck. Jetty won't follow the specs on this respect, but the jetty developers already acknowledged the problem and are working on this.
So it should work but it looks like it won't work now. -
3. Re: multiple war applications - single sign on
jpoley Apr 14, 2003 7:50 PM (in response to super4712)sorry, i misspoke. i assumed that he also wanted to share session state. thats usually the next thing people ask for after auth.
-j -
4. Re: multiple war applications - single sign on
liren Aug 23, 2005 4:28 AM (in response to super4712)"flozano" wrote:
You are plain wrong. The servlet 2.3 and j2ee 1.3 specs states that a web container should provide for single sign-on between multiple WARs that use form based authentication. Security contexts have nothing to do with session contexts.
if you use jboss-tomcat, you have to change the tomcat-service*.xml to configure a Valve that enables single signon. There's a bug report filled on this (looks like only when Tomcat is inside jboss) so I guess it won't work but it should.
If you use jetty, you are in bad luck. Jetty won't follow the specs on this respect, but the jetty developers already acknowledged the problem and are working on this.
So it should work but it looks like it won't work now.
Hi friends:
I also want to know how to implement single sign on in JBoss Portal. Someone could help?