I heared somewhere that there's a plan to have the following
manner of scalability and load-balancing with servlets:
we have a load balancer that directs request to one of the n
servlet-engine-running boxes.
Sessions are stored permanantly in a DBMS accessible from
all these boxes.
So, the following questions arise:
1) will this solve the problem of single login for different web-apps
2) how is such solution from us, users?
On Tue, 13 Mar 2001 18:21:09 +0100, [EMAIL PROTECTED] wrote:
>
>
>Thanks, I will check it out.
>
>Wilko
>
>
>
>
>
>Roby Gamboa
>13-03-2001 17:52
>
>Please respond to [EMAIL PROTECTED]
>
>Sent by: rgamboa
>
>
>To: [EMAIL PROTECTED]
>cc: (bcc: Wilko Hische/HADV/NL)
>Subject: Re: Off topic: Single login for separate web applications?
>
>
>
>I'm using JAAS to handle authentication. One of the things that you're able to
>do is use pluggable authentication under Windows and Solaris (using the Sun
>implementations) and Linux (with the IBM implementation), or authenticate
>against a database (which is what I'm doing). The end result of the
>authentication process is a Subject having one or more Principals and public or
>private credentials (which can be any Java object).
>
>You can add either the Subject itself (with all of its attached state, in a
>secure environment), or just its public credentials (as a token or key in a
>non-secure environment) to the session object in JSPs and servlets to indicate
>an authenticated user.
>
>You might want to check this out: http://java.sun.com/products/jaas.
>
>Hope this helps.
>- Roby
>
>[EMAIL PROTECTED] wrote:
>
>> Yes, but than then client would have to identify itself at the second webapp
>> without being challenged for another login. The only way to accomplish this
>> would be a session based cookie I guess, in addition to this centrally stored
>> information. I was hoping for some standard approach/protocol that I was not
>> aware of. But maybe it just isn't there (yet).
>>
>> Thanks,
>>
>> Wilko
>>
>> "Sam Newman" <[EMAIL PROTECTED]> on 13-03-2001 15:15:44
>>
>> Please respond to [EMAIL PROTECTED]
>>
>> To: [EMAIL PROTECTED]
>> cc: (bcc: Wilko Hische/HADV/NL)
>> Subject: Re: Off topic: Single login for separate web applications?
>>
>> Having a central repository of logins/passwords would work from one end =
>> e.g. when connecting to one of your servers, that server communicates with
>> the central repository to veriy the login/password. However, when going to
>> another webapp that webapp needs to know you've been authorised. perhaps
>> once authorised, you could store information about the client at the central
>> respository. When a webapp gets a connection from that client, it looks ion
>> the central repository to see if that client has been authorised. Not sure
>> on what info would work though....
>>
>> sam
>> ----- Original Message -----
>> From: <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Tuesday, March 13, 2001 12:38 PM
>> Subject: Off topic: Single login for separate web applications?
>>
>> >
>> >
>> > Hi,
>> >
>> > Sorry for posting this off topic question. I would really appreciate any
>> > pointers into the right direction.
>> >
>> > What I would like to know is what you would need in general to create a
>> single
>> > login to different web applications on different web servers (and possibly
>> > platforms)? I gues the servers would need some shared repository for
>> > login/passwords, but how would it be possible after logging in to one
>> server to
>> > pass on this fact to the other servers?
>> >
>> > I hope the answer is as simple as the question,
>> >
>> > Wilko Hische
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, email: [EMAIL PROTECTED]
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, email: [EMAIL PROTECTED]
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, email: [EMAIL PROTECTED]
>
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, email: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
