I have two WAR's in one EAR file. The first one is Web administration, and the second one is an external WAR for making Reports (BIRT).
I wish to use the same login session for both WAR's as you log into the Web administration which uses BIRT to create reports. I have added the same security domain to both WAR's. But if you first log into the Web admin. and then calls some URL which applies to the BIRT WAR, I need to log in again.
I have tried to put the org.apache.catalina.authenticator.SingleSignOn valve into the Tomcat server.xml and it works fine. But isn't there any other solution to this, as they both are located in the EAR file. Isn't there any descriptor or something to tell that these two WAR's should share the login session ?
Even though you have 2 WAR's inside an EAR, the 2 WAR's are loaded by 2 different class loaders & so they cannot share the same login session. Setting it in a Tomcat Valve is the way to go.