Look at the SingleSignOn valve.
-----Original Message----- From: Barnet Wagman [mailto:[EMAIL PROTECTED] Sent: 26 May 2004 16:53 To: Tomcat Users List Subject: Can webapps 'share' a security-constraint? I'd like users to be able to login once and get access to several web apps. Is it possible for web apps to 'share' a security-contraint? I've tried putting the constraint into conf/web.xml That applies the constraints to all the specified web apps managed by the server, but users still need to log into each web app separately. I.e. if conf/web.xml contains a security constraint that such as <security-constraint> <display-name>Site access constraint</display-name> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <url-pattern>/WebApp_A/*</url-pattern> <url-pattern>/WebApp_B/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>a_defined_role</role-name> </auth-constraint> </security-constraint> (webapps/Web_App_A/WEB-INF/web.xml and webapps/Web_App_B/WEB-INF/web.xml do not contain a security-constraint.) (By the way, I don't know if putting a security constraint in conf/web.xml is legitimate.) The constraint will apply to WebApp_A and WebApp_B When a user access a page in WebApp_A, she is required to login. If, after a successful login, she accesses a page in WebApp_B, she will have to log in again. Is there a way to force the first login to apply to all the listed web-apps? Thanks, bw ----------------------------------------- ***************************************************************** Confidentiality Note: The information contained in this message, and any attachments, may contain confidential and/or privileged material. It is intended solely for the person(s) or entity to which it is addressed. Any review, retransmission, dissemination, or taking of any action in reliance upon this information by persons or entities other than the intended recipient(s) is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ***************************************************************** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
