Hi, The software i am currently has about 8-10 web apps linking to each other at various stages. Most pages require authentication. My problem is how do we share common data such as userId and locale preferences across the web applications. Obviously the HttpSession and ServletContext are ruled out. Has someone faced this problem before? How did u overcome this? This is urgent so please let me know if anyone has a solution. Thanks in advance, Das
We were discussing this a while back and its heavily vendor specific - what app serbver are you on? I was looking to allow a Single Sign On ability between applications on Websphere, but also had a look at Tomcat at the same time. Websphere allows Single Sign On between separate web-apps, but only if it has been enabled via config settings, and ONLY if the web applications share a similar DNS. Therefore you can share between www.domain.com and sub.domain.com, but not between www.domain1.com and www.domain2.com I think Websphere enables this by having the separate web-applications share the same session ID, which gets turned into individual or shared sessions at the server depending on configuration. Websphere Portal Server also supports Single Sign On, but I think it enables this by being implemented as a single web-app with multiple channels - ie there is only a single point of contact to the application server... Dave
Joined: Nov 26, 2000
Thanks Dave, The code is going to run on WebSphere V4.0 Single Server Edition. We don't have a problem about the domain because all the web apps will be running on the same box. Can you please tell me how to configure the app server to use the same session id across web apps? Or point me to some documentation? Thanks a lot, Das
The servlet API is specifically designed to prevent what you are trying to do. Web Applications are supposed to be completely independent - they are not supposed to share IDs etc etc. You need to re-factor your design or share information through a database. You could also share information through an independent application running RMI. Bill
That just won't do. According to the docs, "...this method allows servlets to gain access to the context for various parts of the server, and as needed obtain RequestDispatcher objects from the context. The given path must be begin with "/", is interpreted relative to the server's document root and is matched against the context roots of other web applications hosted on this container." But the specs say that: "HttpSession objects must be scoped at the application (or servlet context) level. The underlying mechanism, such as the cookie used to establish the session, can be the same for different contexts, but the object referenced, including the attributes in that object, must never be shared between contexts by the container. To illustrate this requirement with an example: if a servlet uses the RequestDispatcher to call a servlet in another web application, any sessions created for and visible to the callee servlet must be different from those visible to the calling servlet."
Originally posted by Suprakash Das: Hi, The software i am currently has about 8-10 web apps linking to each other at various stages. Most pages require authentication. My problem is how do we share common data such as userId and locale preferences across the web applications. Obviously the HttpSession and ServletContext are ruled out. Has someone faced this problem before? How did u overcome this? This is urgent so please let me know if anyone has a solution. Thanks in advance, Das
This could be slightly painful -- create a cookie that contains a unique userid. The cookie can be accessed by all web apps in the same domain. Use that cookie as a key into a small database table that contains the shared information. Cache the information in the HttpSession of each of your individual web apps so that it's read exactly once per web app. A single "Profile" class could accomplish all of these for you...in fact this is basically how the UserProfile class works in WebSphere Personalization and Portal Server... Kyle