Hi Craig- >> If so, is it possible to set up a servlet that >> could manipulate the Referrer in the header, and redirect a request along to >> an application in another Tomcat server, making it look like a post to >> j_security_check, complete with referrer, j_username and j_password? >> >> Any suggestions or comments are welcome and appreciated. >> > Trying to forward security credentials like this is pretty much guaranteed > not to work. > > One thing you might consider using is Tomcat's standard support for single > sign on across multiple webaps. Check out the "Single Sign On" section
Thanks for the response. Your suggestion is only applicable for those who have a homogenous Tomcat environment. In my situation, my portal will have to forward to a mixed environment of Tomcat and JRun servers. In the future that may expand to include either WebLogic or WebSphere. I find it hard to believe that there is no way to programmatically manage a login sequence using j_security_check. Is it possible to use a servlet intermediary to handle the login interaction and then redirect the user to a "protected" resource once the login sequence is successfully completed? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>