which is the recommended strategy to implement a central login page (JSP) in JBoss which can forward the user to other web application based on user access rights?
The current setup is: we have two web apps, secured with JAAS
which use basic authentication.
We need one central login form for all web apps, and a single sign on, so we need to figure out a way to forward the user to a web app using his login information, so that the second web app does not ask for name / password again.
In a new web app, we implement a login form for user name / password and a database lookup using these values, which finds the webapps the user is authorized for, and then redirects him to this web apps entry page.
I tried to use a sendRedirect with username/password encoded in the URL (http://user:pass@site/context), but unfortunately Internet Explorer did not accept the request.
I am reading about Single Sign On and Web Authentication (Programmatic Web Login) with JBoss but still I am not sure which path to follow.
All apps are on the same virtual host. We are using version 4.2.0 of JBoss.
Is this a standard problem with a best practice to solve it?