I've tried putting the constraint into conf/web.xml That applies the constraints to all the specified web apps managed by the server, but users still need to log into each web app separately.
I.e. if conf/web.xml contains a security constraint that such as
<security-constraint>
<display-name>Site access constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected
Area</web-resource-name> <url-pattern>/WebApp_A/*</url-pattern>
<url-pattern>/WebApp_B/*</url-pattern> </web-resource-collection>
<auth-constraint> <role-name>a_defined_role</role-name> </auth-constraint>
</security-constraint>
(webapps/Web_App_A/WEB-INF/web.xml and webapps/Web_App_B/WEB-INF/web.xml do not contain a security-constraint.)
(By the way, I don't know if putting a security constraint in conf/web.xml is legitimate.)
The constraint will apply to WebApp_A and WebApp_B
When a user access a page in WebApp_A, she is required to login. If, after a successful login, she accesses a page in WebApp_B, she will have to log in again. Is there a way to force the first login to apply to all the listed web-apps?
Thanks,
bw