When you have realms or any other container facilities that provide sso features, you are talking of flexible declarative support. You do not have to explictly program for SSO. Everything is done by the container (in our case Tomcat).
The article that you refer relies on the configuration that is set statically via http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/Configuration.html#getConfiguration() The article talks about programmatic SSO in web applications, saying that each webapp will have a single loginmodule and the sso is achieved via the sharedstate map that is passed between the LoginModules (or the webapps). This may be a viable option, but the work is done by you, not by the container. JAAS provides a protocol/container independent authentication mechanism. Thats all there is to it, apart from the pluggability aspect of it. It is better to look at container provided features to minimize the development work, but if you are really interested in portability, maybe you can disable all container security for your webapps and use code with a common store like ldap/db to store ur shared auth state. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3914878#3914878 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3914878 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
