This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes EJB and other Java EE Technologies and the fly likes Sharing authentication between application servers? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "Sharing authentication between application servers?" Watch "Sharing authentication between application servers?" New topic

Sharing authentication between application servers?

Bing Qiao

Joined: Oct 24, 2006
Posts: 21

I'm developing a web portal that loads other web applications running on different J2ee application servers (JBoss and Glassfish, etc).

All application servers including the one the web portal resides on have their own form based JAAS authentication enabled but they all share the same users database.

The idea is as follows:
1. to have only one login page presented to users which has an iframe embedded in it for every external application and the portal. The iframe points to url that loads corresponding web application, which will be redirected to the login page of that web application.
2. a piece of javascript in the portal login page will pass user credential to individual iframes and login the user to the loaded application.

I've managed to make this work, but wonder if it's possible to have something as follows:
1. to have only the application server where the portal runs to have form based JAAS authentication enabled.
2. every external web application needs to have a filter that authenticates all incoming requests.
3. every iframe holding an external web application needs to "clone" the state of the iframe that logs into the portal application server, so its requests to its own application server will have the "state" that can be authenticated by the portal application server.
4. the aforementioned filter will authenticate incoming requests by taking the "state" out of them and checking its validity against the portal application server.

I'm quite new to the whole concept of JAAS based container authentication, so not sure if terms like "clone" and "state" make any sense here. But hope the above clarifies what I need to achieve.

Thanks very much for any input to this!

I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link:
subject: Sharing authentication between application servers?
It's not a secret anymore!