Check this for a way to implement this with Tomcat (you must use 5.5 ore
higher, though):
http://weblogs.java.net/blog/wholder/archive/2005/02/session_session.html
Or this is a solution I found with an external authentication server:
http://www.developertutorials.com/tutorials/java/single-sign-on/page4.html
hth,
Christoph
Ben Bookey wrote:
Dear List,
We are using Tomcat 4.1.xx. We are NOT using the built in security
framework which comes with TC. In the login.jsp page the user/password
is validated by an external organisation wide process, which returns
simply true or false. If the user is valid, the user is forwarded to the
application JSP pages. The user can not access the application pages at
will, because the pages check to see if a particular session flag is
checked.
Now my problem. I have been asked to assess if single sign On (SSO)
could be used to create a URL link to another similar webapp's JSP page
(TC with no security framework), where the user doesnt need to login for
a second time. There is not so much info. about SSO around, but from
what I gather it persists login info. inside a session which is passed
between web applications. My first problem is that "my application"
never knows what the password is. Can anyone see a possibilty of using
SSO for me, allowing direct access to another webapps JSP page with out
re-login ?
Would really appreciate any help on this. Especially ones with info.
more than simply "No" ;-)
kind regards,
Ben
p.s. might be that the 2nd app has to create a web-service or something
to provide the information for us!!
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
