aspose file tools*
The moose likes EJB and other Java EE Technologies and the fly likes Sharing authentication between application servers? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "Sharing authentication between application servers?" Watch "Sharing authentication between application servers?" New topic
Author

Sharing authentication between application servers?

Bing Qiao
Greenhorn

Joined: Oct 24, 2006
Posts: 21
Hi,

I'm developing a web portal that loads other web applications running on different J2ee application servers (JBoss and Glassfish, etc).

All application servers including the one the web portal resides on have their own form based JAAS authentication enabled but they all share the same users database.

The idea is as follows:
1. to have only one login page presented to users which has an iframe embedded in it for every external application and the portal. The iframe points to url that loads corresponding web application, which will be redirected to the login page of that web application.
2. a piece of javascript in the portal login page will pass user credential to individual iframes and login the user to the loaded application.

I've managed to make this work, but wonder if it's possible to have something as follows:
1. to have only the application server where the portal runs to have form based JAAS authentication enabled.
2. every external web application needs to have a filter that authenticates all incoming requests.
3. every iframe holding an external web application needs to "clone" the state of the iframe that logs into the portal application server, so its requests to its own application server will have the "state" that can be authenticated by the portal application server.
4. the aforementioned filter will authenticate incoming requests by taking the "state" out of them and checking its validity against the portal application server.

I'm quite new to the whole concept of JAAS based container authentication, so not sure if terms like "clone" and "state" make any sense here. But hope the above clarifies what I need to achieve.

Thanks very much for any input to this!

Bing
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Sharing authentication between application servers?
 
Similar Threads
Test 399: IBM WebSphere Portal V5.1, Application Development
Websphere Portal - Test 399
Using default JAAS Mechanism in Websphere makes applications to access the context path of the other
JAAS IN websphere .Problem is taht my login module is not getting called from my application login
JAAS in Websphere