• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Basic question in sessions

 
Ram Gokul
Ranch Hand
Posts: 85
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
Is HttpSession an attribute of a container or for a webapplication ?
If I forward the request from app to another app , with jsessionid , will i be able to see the login user ( which is a session attribute ) in the second app also.

ie. From http://myname.com/myfirstapp/logon.jsp--> I forward to servlet which intializes the login user object and based on parameters , forward it to http://myname.com/secondapp/ with URL rewriting ..In this second app , can i see the User object.

I tried and it is not working but i think it should . Maybe I am making mistake in session rewriting ..Any advice.
 
Deepak Bala
Bartender
Posts: 6663
5
Firefox Browser Linux MyEclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You shouldnt be able to. The session was created for that application and that application only. You cant use the jsessionID for other applications since the container will not be able to associate with that session. Imagine if you could log into yahoo and be redirected to hotmail (and logged in automatically) just because you have a jsessionID allocated to the user. Yikes !
 
Ram Gokul
Ranch Hand
Posts: 85
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OK.I see your point .
I am in the process of developing a SSO page where in a User logs in once and gets the menu . From that menu he can launch different applications . ( reports / UI / lookups) .They are in the same container but different Contexts .
How do i achive this then ? Any ideas.
 
Deepak Bala
Bartender
Posts: 6663
5
Firefox Browser Linux MyEclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You would have to do it with Kerberos , GSS i guess. I have not implemented this at any point in my life but I did find some nice articles about it on the net.

http://www-128.ibm.com/developerworks/java/library/j-gss-sso/

http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html

Check if they work out for you. Some interesting stuff. So interesting that I am gonna try to implement it over the week end. Good luck
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
SSO implementation and configuration is container specific.The way its done on Tomcat 5.x is differernt from the way its done in OC4J or wepsphere or weblogic.
Look the vendors documentation.
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In case you want to implement the same for Tomcat.

SSO in Tomcat 5.5
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic