-Original Message-
From: David Potts
Sent: 11 October 2001 10:02
To: 'Orion-Interest'
Subject: RE: How to get the RoleManager
inline
-Original Message-
From: Mike Cannon-Brookes [mailto:[EMAIL PROTECTED]]
That won't help - I think shared sessions only work between
two WARs in the
same app.
We could probably live with merging the two apps into WARs in
the same EAR file. However, we've just tried that with a
test app and with the shared flag set to be true in both of
the web-app tags in default-web-site.xml (and also in
default-web-app for good measure!) and we have the same
problem: the second app again goes to the login form. Any
ideas of what config we might have go wrong?
Juan Lorandi in this thread mentioned putting shared=true
in orion-web.xml but we can't find that in the docs. What
tag attribute do we apply this to? Juan also mentions the
same realm name, but this is just for BASIC authentication I
believe, and we unfortunately have to use FORM based
authentication. Is that right?
The only thing I can suggest is using some sort of cookie
based system where
you track via session ID who is logged in (stored in a hashmap or
something), then from each app lookup that hashmap (via JNDI)
and log in the
user programmatically before they are shown the login page.
Very fugly
though. SSO is one of J2EE's problems.
So the flow of that solution would look like:
(1) User logs into app1
(2) Store user info in JNDI somewhere that app2 can see it
(3) The user clicks a link that would take them into app2
(4) Intercept the login-request and use the stored info to
log the user into app2
The problem with this flow is that we don't know how to
intercept at step (4) *before* the user is shown the login
form by the container. Is this possible?
If not, our idea similar to this would be:
(1) User logs into app1
(2) Convince the app2 security (RoleManager?) that the user
is logged in using the values passed to app1
(3) The user clicks a link that would take them into app2 and
is already logged in
Hence the original question in this thread: how from app1 do
we get hold of app2's RoleManager?
Thanks for all the help.
Dave.