J Doe writes:

Background: Consider two webapps: foo and bar. When a
user of foo performs a certain action, foo shares
files with bar by calling actions on each other via
HTTP.
We are being asked to put a memory realm on foo and
bar so that users must log in. The problem is that now
the above system-level communication between foo and
bar will break.
Question: if one knows the username and password for a
webapp, can it be placed on the URL?
E.g.
http://mydomain.com:8080/foo?username=x&password=y
I've tried this but no luck.
More generally, is there a way to do it with the
java.net URL class?
Any ideas? I realize that perhaps foo and bar could
communicate in a different way (RMI, JMS) but that is
not really an option for us.
thanks,
Mike
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Hello Mike, you could use JavaBeans-type classes and session attributes get and set between the two webapps. Store and check the session IDs to ensure valid data by using the corresponding session ID. I personally would not use the user's ID and password in the URL even if it was private as long as there were other as yet unauthenticated users on the local subnet. And, of course, don't even mention doing this on the public wire (you would be asking to get severely compromised). The MemoryRealm would be OK if you MD5 digest the passwords in the otherwise human-readable flat ASCII text tomcat-users.xml file, but you would prove to be a PITA under load of many simultaneous users (though a low user count would be OK). Preferably, use the JDBCRealm, which works great for me running Oracle, but you can run MySQL or PostgreSQL, and allows queries where the users table can be a FK to some other business logic table. Hope this helps, David.
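
An added example, not part of either message above: one way to make the foo-to-bar call with the java.net classes while keeping the credentials out of the URL. It assumes the target webapp's web.xml uses `<auth-method>BASIC</auth-method>` and is reached through an HTTPS connector; the class name, method names and the `svc-foo` service account are hypothetical.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class RealmClient {
    // "Basic " + base64(user:password), the value a BASIC login-config expects.
    static String basicAuthHeader(String user, char[] password) {
        if (user.indexOf(':') >= 0) {
            throw new IllegalArgumentException("user name must not contain ':'");
        }
        byte[] raw = (user + ":" + new String(password)).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Calls a realm-protected action with the credentials in a header, so they
    // stay out of the request line and therefore out of access logs.
    static int callProtected(URL target, String user, char[] password) throws IOException {
        if (!"https".equals(target.getProtocol())) {
            // Basic credentials are base64-encoded, not encrypted.
            throw new IOException("refusing to send credentials over " + target.getProtocol());
        }
        String query = target.getQuery();
        if (target.getUserInfo() != null || (query != null && query.contains("password="))) {
            throw new IOException("credentials must not be embedded in the URL");
        }
        HttpURLConnection conn = (HttpURLConnection) target.openConnection();
        conn.setInstanceFollowRedirects(false); // do not follow redirects automatically
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        conn.setRequestProperty("Authorization", basicAuthHeader(user, password));
        try {
            return conn.getResponseCode(); // 401 means the realm rejected the account
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "example-password".toCharArray(); // constructed sample value
        System.out.println(basicAuthHeader("svc-foo", pw));
        try { // the URL form from the question is rejected before any connection is made
            callProtected(new URL("http://mydomain.com:8080/foo?username=x&password=y"), "svc-foo", pw);
        } catch (IOException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

With FORM authentication instead of BASIC, the header is ignored and the caller would have to go through the login form and carry the session cookie.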

