On 6/19/06, Michael L Torrie <[EMAIL PROTECTED]> wrote:
Do JSP containers handle inter-server authentication? That's the real
problem the OP was trying to solve. Having server A authenticate a user
and then find a way to have server B recognize that server A had already
authenticated and authorized the user.
So this doesn't really have much to do with sessions.
The first part of the solution I mentioned in my original post would
still need to be written from scratch -- the HTTPS post inter-op
between the two servers. However, after the authentication has taken
place, session management is still essential. Unless you want to
re-authenticate the user with every single GET or POST (HTTP is
stateless after all). A JSP container with no additional
configuration would handle the later and more difficult part of the
problem -- post-authentication page authorization via session
management.
Anyway, to more directly answer your question. Yes, JSP/J2EE
containers support inter-server authentication through J2EE Realms --
just like Kerberos Realms. Additionally you can write your own
authentication module with any custom implementation you want with the
JAAS (Java Authentication and Authorization Service) API. Both of
these solutions are JSR standards and will work in any J2EE/JSP
container.
-Bryan
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
