I just saw someone asking the same question a few days ago. What do you do if you have 1 web application, but need to use 2 WAR files?
In my situation, I have the 'host' application and Business Intelligence software (MicroStrategy), used for reports. It should have been in a single WAR file, but the decision was made that MicroStrategy should be kept in its own WAR.
The host application has links to mstr reports, which pass along the jsessionid. At the moment the mstr application will validate the jsessionid with the host application in order to 'authenticate'. This is a low-security, cheap solution.
I am wondering if there is a secure solution that could be provided by Acegi in this case. It seems like SSO is just too much for this, because this is the same application; it's hard to justify setting up SSO. Would it be secure to have each WAR protected by Acegi, whereby the host application will authenticate and publish authentication info to the second application? The origin of credentials can be verified by both parties having the IP address of their peer. Transmission does not have to be secure, because both parties are assumed to be on the same host. Any other weak spots? Would this add value to Acegi?
Vadim Pesochinskiy