I'm using JAAS to handle authentication. One of the things that you're able to
do is use pluggable authentication under Windows and Solaris (using the Sun
implementations) and Linux (with the IBM implementation), or authenticate
against a database (which is what I'm doing). The end result of the
authentication process is a Subject having one or more Principals and public or
private credentials (which can be any Java object).
You can add either the Subject itself (with all of its attached state, in a
secure environment), or just its public credentials (as a token or key in a
non-secure environment) to the session object in JSPs and servlets to indicate
an authenticated user.
You might want to check this out: http://java.sun.com/products/jaas.
Hope this helps.
- Roby
[EMAIL PROTECTED] wrote:
> Yes, but than then client would have to identify itself at the second webapp
> without being challenged for another login. The only way to accomplish this
> would be a session based cookie I guess, in addition to this centrally stored
> information. I was hoping for some standard approach/protocol that I was not
> aware of. But maybe it just isn't there (yet).
>
> Thanks,
>
> Wilko
>
> "Sam Newman" <[EMAIL PROTECTED]> on 13-03-2001 15:15:44
>
> Please respond to [EMAIL PROTECTED]
>
> To: [EMAIL PROTECTED]
> cc: (bcc: Wilko Hische/HADV/NL)
> Subject: Re: Off topic: Single login for separate web applications?
>
> Having a central repository of logins/passwords would work from one end =
> e.g. when connecting to one of your servers, that server communicates with
> the central repository to veriy the login/password. However, when going to
> another webapp that webapp needs to know you've been authorised. perhaps
> once authorised, you could store information about the client at the central
> respository. When a webapp gets a connection from that client, it looks ion
> the central repository to see if that client has been authorised. Not sure
> on what info would work though....
>
> sam
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, March 13, 2001 12:38 PM
> Subject: Off topic: Single login for separate web applications?
>
> >
> >
> > Hi,
> >
> > Sorry for posting this off topic question. I would really appreciate any
> > pointers into the right direction.
> >
> > What I would like to know is what you would need in general to create a
> single
> > login to different web applications on different web servers (and possibly
> > platforms)? I gues the servers would need some shared repository for
> > login/passwords, but how would it be possible after logging in to one
> server to
> > pass on this fact to the other servers?
> >
> > I hope the answer is as simple as the question,
> >
> > Wilko Hische
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
