FW: How to get the RoleManager (resend)

2001-10-11 Thread David Potts 



 -Original Message-
 From: David Potts 
 Sent: 11 October 2001 10:02
 To: 'Orion-Interest'
 Subject: RE: How to get the RoleManager
 
 
 inline
 
  -Original Message-
  From: Mike Cannon-Brookes [mailto:[EMAIL PROTECTED]]
  
  That won't help - I think shared sessions only work between 
  two WARs in the
  same app.
 
 We could probably live with merging the two apps into WARs in 
 the same EAR file.  However, we've just tried that with a 
 test app and with the shared flag set to be true in both of 
 the web-app tags in default-web-site.xml (and also in 
 default-web-app for good measure!) and we have the same 
 problem: the second app again goes to the login form.  Any 
 ideas of what config we might have go wrong?
 
 Juan Lorandi in this thread mentioned putting shared=true 
 in orion-web.xml but we can't find that in the docs.  What 
 tag  attribute do we apply this to?  Juan also mentions the 
 same realm name, but this is just for BASIC authentication I 
 believe, and we unfortunately have to use FORM based 
 authentication.  Is that right?
 
  
  The only thing I can suggest is using some sort of cookie 
  based system where
  you track via session ID who is logged in (stored in a hashmap or
  something), then from each app lookup that hashmap (via JNDI) 
  and log in the
  user programmatically before they are shown the login page. 
 Very fugly
  though. SSO is one of J2EE's problems.
  
 
 So the flow of that solution would look like:
 
 (1) User logs into app1
 (2) Store user info in JNDI somewhere that app2 can see it
 (3) The user clicks a link that would take them into app2
 (4) Intercept the login-request and use the stored info to 
 log the user into app2
 
 The problem with this flow is that we don't know how to 
 intercept at step (4) *before* the user is shown the login 
 form by the container.  Is this possible?
 
 If not, our idea similar to this would be:
 
 (1) User logs into app1
 (2) Convince the app2 security (RoleManager?) that the user 
 is logged in using the values passed to app1
 (3) The user clicks a link that would take them into app2 and 
 is already logged in
 
 Hence the original question in this thread: how from app1 do 
 we get hold of app2's RoleManager?
 
 Thanks for all the help.
 
 Dave.

FW: How to get the RoleManager

2001-10-09 Thread David Potts 

I'm resending this as it hadn't appeared on the list after 5 hours :-)

Dave.

 -Original Message-
 From: David Potts 
 Sent: 09 October 2001 09:00
 To: '[EMAIL PROTECTED]'
 Subject: How to get the RoleManager
 
 
 Hello,
 
 Does anyone know if/how to get the RoleManager for an 
 application from outside of that application?
 
 What I'm trying to do is login to app1 and then as part of 
 that process programmatically login to app2.
 
 I've seen questions in the archive about how to get the 
 RoleManager, but I've not found the definitive answer.  I've 
 been able to get the java:comp/RoleManager object from within 
 the application, but not from an external app.
 
 Any ideas?
 
 Cheers,
 
 Dave.
 
 ---
 David Potts
 Xchanging
 Email:  [EMAIL PROTECTED]
 http://www.xchanging.com