1 Reply Latest reply on Apr 7, 2005 2:17 PM by milkygto

    Share session

    milkygto Newbie

      Is there any way I can share my principal/session across different war files within the same ear? or even in didn't ear files? I want to break up my huge web application into different war modules.

      I think websphere already have something like that. I wouldn't be suprise if jboss has and I don''t know about it.

      http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/tips0215.html?Open

        • 1. Re: Share session
          milkygto Newbie

          I just lookup the servlet spec....It looks like this isn't working with tomcat..? Anyone know how can I share the users principal in different web application in the same security domain without re-authenticate again?

          SRV.12.6 Server Tracking of Authentication Information
          As the underlying security identities (such as users and groups) to which roles are
          mapped in a runtime environment are environment specific rather than application
          specific, it is desirable to:

          1. Make login mechanisms and policies a property of the environment the web
          application is deployed in.

          2. Be able to use the same authentication information to represent a principal to
          all applications deployed in the same container, and

          3. Require re-authentication of users only when a security policy domain boundary
          has been crossed.
          Therefore, a servlet container is required to track authentication information
          at the container level (rather than at the web application level). This allows users
          authenticated for one web application to access other resources managed by the
          container permitted to the same security identity.