If the Servlet and the Jetspeed server are on the same Tomcat, there is no problem with sniffing... only the log of Tomcat...

I'm interested in SSO, but I don't understand how it could be installed (with SSO documentation, sorry)

Guillaume

Raphaël Luta <[EMAIL PROTECTED]> wrote:

Guillaume wrote:
> all the facilities are here.
> If the password is false, J2 increments counter for disable his...
>
> This is a solution for not seeing another connection to do.
>
> In my case:
> The user logs into an intranet...
> The intranet logs into an extranet (J2) with an authentication between intra
> and inter following a web service which decrypts a String with login/password.
> The client (intranet) doesn't want to have to sign on a second time to the
> extranet (J2)
>
> Guillaume
>

What you want is an SSO (single sign-on) solution. This can be implemented at several levels:

- Jetspeed itself has some SSO components, although they are designed to allow SSO from Jetspeed (i.e. you authenticate into J2 and then you don't need to reauthenticate to access remote resources) rather than your use case
- through a third-party SSO provider (Netegrity SiteMinder for commercial, mod_sso/CAS for OSS, for example)
- through some simple cookie-based system using mod_usertrack of Apache HTTPD

In all instances, I *strongly* encourage you not to use your current solution in production as it is very insecure. Putting clear-text login/password in URLs is bad: any sniffer will see them, they will appear in the log of any proxy between your client and server, they will appear in the logs of your server.

--
Raphaël Luta - [EMAIL PROTECTED]
Apache Portals - Enterprise Portal in Java
http://portals.apache.org/
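
Added example, not part of the original messages: a small Python check for the log exposure described above, which finds requests carrying credentials in the query string and prints them with the values redacted. The parameter names, the access log layout (common log format) and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed names of credential-bearing parameters; adjust to the application.
SENSITIVE = {"login", "user", "username", "password", "passwd", "pwd", "token"}

# Request field of a common-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def redact_target(target):
    """Return (redacted_target, sorted list of sensitive parameter names found)."""
    parts = urlsplit(target)
    found, pairs = set(), []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.add(name.lower())
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return target, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), sorted(found)


def scan(lines):
    """Yield (line_number, parameter_names, redacted_line) for each exposing line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        redacted, names = redact_target(match.group("target"))
        if names:
            start, end = match.span("target")
            yield number, names, line[:start] + redacted + line[end:]


# Constructed sample lines (documentation addresses, made-up paths and values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0100] "GET /portal/index.jsp HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2006:10:00:02 +0100] "GET /portal/login?login=alice&password=s3cret&lang=fr HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Jan/2006:10:00:05 +0100] "POST /portal/login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for number, names, redacted in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(names)} exposed -> {redacted}")
```

Only the GET request with credentials in its query string is reported; the POST to the same path leaves nothing sensitive in the request line of the log.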
