That's right. But what I actually mean is: what are the differences between 1) defining two protected areas in ONE web-app, using TWO security constraints, and 2) defining TWO web-apps, using single-sign-on (which actually is not defined in web.xml, but in the server config file server.xml), each with ONE security constraint? I think the point is that using single-sign-on implies sharing of the Realm class used to authenticate the users, and thus, at least in my environment, using the same database of users and roles, so it seems to me that there is no great difference...
Renato
____________________________________
Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA

e-mail: [EMAIL PROTECTED]
Tel.: 010 2712603
_____________________________________

-----Original Message-----
From: Dan K. [mailto:[EMAIL PROTECTED]]
Sent: Thursday 18 April 2002 18.33
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: Re: SingleSignOn Or Security Constraint ?

Hi,

Correct me if I'm not thinking straight but doesn't the Single Sign-on and Security Constraint in the web.xml file do different things? The single sign-on allows the user to remain logged in while traversing different webapps and the Security Constraint determines who has access to the webapp.

Regards,
Dan

On Thu, 18 Apr 2002, Renato Romano wrote:

> I just configured Single Sign on on my Tomcat4 server, and was just
> wondering what's the best way to choose, when I have to add a new
> service to my site, if just adding a security constraint, in my main
> Context, or configuring and using single signon, for achieving the
> same result!
>
> It seems to me that using singlesignon has the following advantages:
> 1) I create a service as a standalone application, that can then be
> deployed elsewhere;
> 2) I don't have to restart Tomcat in order to deploy/restart the new
> service, or making it temporarily unavailable, thanks to the manager
> application;
> 3) I can continue sharing java classes, by putting them in the
> "common" dir;
> 4) In my situation, obviously, a centralized database of users and
> roles is ok; different contexts on tomcat, in my environment, should
> only appear as different "services" or "roles", just similar to
> defining new security constraints.
>
> I have not investigated too much on this topic, so the question is: is
> there something I don't see that can cause problems using single
> signon in this way ? Has someone already had such a doubt and how
> he/she solved it ?
>
> Thanks
> Renato
>
> --
> To unsubscribe: <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
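
The two layouts compared in this thread, side by side, as an added example that is not part of the original messages. The URL patterns, role names, realm name and the choice of MemoryRealm are constructed for illustration; the SingleSignOn valve class and the web.xml elements are standard Tomcat 4 / Servlet 2.3.

```xml
<!-- Option 1: ONE web-app, TWO security constraints (WEB-INF/web.xml).
     Both areas share one context, one session and one deployment unit. -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports area</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>reports</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Site</realm-name>
  </login-config>
  <security-role><role-name>reports</role-name></security-role>
  <security-role><role-name>admin</role-name></security-role>
</web-app>

<!-- Option 2: TWO web-apps, single sign-on (conf/server.xml fragment).
     The valve only carries the authenticated identity across contexts of
     this Host. The Realm sits at Host (or Engine) level so every context
     authenticates against the same users and roles. -->
<Host name="localhost" appBase="webapps">
  <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
  <Realm className="org.apache.catalina.realm.MemoryRealm"/>
</Host>

<!-- Option 2, continued: WEB-INF/web.xml of the "reports" web-app.
     Each web-app still declares its own constraint; the SSO valve does
     not authorize anything. The "admin" web-app carries the same block
     with role-name "admin". An app deployed without a constraint is open. -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Whole application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>reports</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>reports</role-name></security-role>
</web-app>
```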
