1 Reply Latest reply on Mar 8, 2009 1:44 PM by anil.saldhana

    Forwarding to different webapps with given credentials (sing

    mjustin

      Hello newsgroup,

      Which is the recommended strategy to implement a central login page (JSP) in JBoss which can forward the user to other web applications based on user access rights?

      The current setup is: we have two web apps, secured with JAAS

      <jboss-web>
      <security-domain>java:/jaas/app_1</security-domain>
      </jboss-web>

      and

      <jboss-web>
      <security-domain>java:/jaas/app_2</security-domain>
      </jboss-web>

      which use basic authentication.

      We need one central login form for all web apps, and a single sign on, so we need to figure out a way to forward the user to a web app using his login information, so that the second web app does not ask for name / password again.

      In a new web app, we implement a login form for user name / password and a database lookup using these values, which finds the web apps the user is authorized for, and then redirects him to this web app's entry page.

      I tried to use a sendRedirect with username/password encoded in the URL (http://user:pass@site/context), but unfortunately Internet Explorer did not accept the request.

      I am reading about Single Sign On and Web Authentication (Programmatic Web Login) with JBoss but still I am not sure which path to follow.

      All apps are on the same virtual host. We are using version 4.2.0 of JBoss.

      Is this a standard problem with a best practice to solve it?