I've been following these posts closely because I want to do basically the same thing as well. My stupid question is what happens after you submit the form?? What I would like to do is create an Object and put it in the users session. However, if the user goes click on a link that takes them to another webapp, will the object that I put in the session still be available?? Single Sign On is great but if I can't passes a shared object around via the session (or some other technique) it doesn't do me any good.
Mike -----Original Message----- From: HAVENS,PETER (HP-Cupertino,ex3) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 1:53 PM To: '[EMAIL PROTECTED]' Subject: Native OS authentication using single sign on ... I am currently trying to authenticate multiple webapps under a single authentication mechanism. That is login once and you can access all of the webapps under a given virtual host. I have enabled single sign on in the server.xml file and I have added a <security-constraint> and <login-config> in my conf/web.xml file. Everything is working great and it is authenticating users against the conf/tomcat-users.xml file. Now I want to take the next step to do native OS authentication using a JNI to a C or C++ module that uses PAM. How do I change my login.jsp page pointed to by the <login-config> to call a bean instead of just authenticating against the tomcat-users.xml? Any input would be greatly appreciated. I have included part of my conf/web.xml and my login.jsp. Thanks in advance. -Peter ----------Portion of conf/web.xml--------------------- <security-constraint> <display-name>Gryphon Authentication</display-name> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/*</url-pattern> <!-- If you list http methods, only those methods are protected --> <http-method>GET</http-method> <http-method>DELETE</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>*</role-name> </auth-constraint> </security-constraint> <!-- Default login configuration uses form-based authentication --> <login-config> <auth-method>FORM</auth-method> <realm-name>Gryphon Form-Based Authentication</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> --------end of conf/web.xml------------ --------login.jsp--------- <html> <head> <title>Login Page</title> <body bgcolor="white"> <form method="POST" action='<%= response.encodeURL("j_security_check") %>' > <table border="0" cellspacing="5"> <tr> <th align="right">Username:</th> <td align="left"><input type="text" name="j_username"></td> </tr> <tr> <th align="right">Password:</th> <td align="left"><input type="password" name="j_password"></td> </tr> <tr> <td align="right"><input type="submit" value="Log In"></td> <td align="left"><input type="reset"></td> </tr> </table> </form> <% if ( ! request.isSecure() ) { // Forward to a secure page String sslURL = "https://"; + request.getServerName() + ":1188" + request.getRequestURI(); %> <br><br> <br><b>WARNING:</b> This is a non-secure page! <br><br> <br>Click <a href="<%= sslURL %>">here</a> to use SSL. <br><br> <% } %> </body> </html> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
