Hi List!

We are developing a couple of webapps that need to talk to each other,
and to do that, we have been using HTTP to just fetch certain URLs from
the other webapps to the requesting webapp. To ensure that the
programmatic request is carried out in the context of the user doing the
client request to the first webapp, we are fetching the SSOID cookie
value and putting that in the request to the second webapp. (I hope I'm
making myself clear)

However, we have encountered the problem that if the user is not already
authenticated upon the client request, the SSOID cookie doesn't exist,
so we can't forward its value to the second webapp. We haven't been able
to find a good workaround for this problem so far, so I'm turning to you
good people on the list for assistance.

What do you think? Are we making a mistake in using the SSOID to begin
with and should just think of another way, or is there a way to do this
properly? We have thought of the following workarounds -- could you
please tell me what you think of them?

1. Write a subclass of org.apache.catalina.authenticator.SingleSignOn,
which catches a call to the register() method and puts that SSOID in a
request attribute, which can later be fetched from another webapp to do
the second request.
2. Write a filter, which upon detection of a non-existing SSOID cookie,
sends a redirect back to the same URL to the client, which should make
the AuthenticatorBase valve send the SSOID cookie to the client, so that
it exists when the client comes back.
3. Use reflection somehow to fetch the SSOID cookie from the SSO valve.
I don't think this is possible, though, thanks to Tomcat's protection
against reflection from webapps.

Thanks for reading!

Fredrik Tolf
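
Added example, not part of the original post and not Tomcat code: a sketch of workaround 2 as a servlet filter. It assumes the javax.servlet API and that the SSO cookie is named JSESSIONIDSSO; the ssoRetry marker parameter is hypothetical and only guards against a redirect loop.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added sketch of workaround 2: bounce an authenticated request once so the
// browser returns with the SSO cookie set by the authenticator.
public class SsoCookieRedirectFilter implements Filter {
    // Assumed name of the cookie the post calls the "SSOID cookie".
    private static final String SSO_COOKIE = "JSESSIONIDSSO";
    // Hypothetical marker parameter: if the browser still sends no cookie
    // after one redirect (cookies disabled, SSO valve absent), give up.
    private static final String MARKER = "ssoRetry";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        String uri = req.getRequestURI();
        boolean redirect = req.getRemoteUser() != null  // only once authenticated
                && "GET".equals(req.getMethod())        // a redirect would drop a POST body
                && !hasSsoCookie(req)
                && req.getParameter(MARKER) == null     // already retried once
                && !uri.startsWith("//");               // never emit a network-path redirect
        if (!redirect) {
            chain.doFilter(rq, rs);
            return;
        }
        // Redirect to the same path, built from the request itself and not
        // from any client-supplied target, with the marker appended.
        String query = req.getQueryString();
        String target = uri + "?" + (query == null ? "" : query + "&") + MARKER + "=1";
        resp.sendRedirect(target);
    }

    private static boolean hasSsoCookie(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();
        if (cookies == null) return false;
        for (Cookie c : cookies) {
            if (SSO_COOKIE.equals(c.getName())) return true;
        }
        return false;
    }
}
```

The filter would be mapped in web.xml in front of the code that makes the second request. When the marker is present and the cookie is still missing, the request passes through unchanged and the calling code has to handle the absent value.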


