Hi, sorry if this was posted earlier, i tried searching but didnt know exactly what to type,since there are 100's of posts on servlet comm.
i have three seperate web applications (each with its individual webcontent,web.xml etc) basically they are independent applications. Currently all the HTML files communicate with servlets within the application only(there is no cross application interaction). Now i have to implement a login module for all of these, so that if a user does a login in one application he should be considered logged in in the other two applications also. How do i implement this? is there a way apart from using cookies. maybe have the servlets communicate directly.
Can i implement the login part as a separate web application? please suggest me ideas. thanks in advance.
There are some dirty way to handle your signle sign on solution and some clean way to handle it. Cleanest way is to use single sign on tools. but as dirty way you can use same persistence(Database/file) mapping for Authentication, or using web service on each part to assist Web Apps interact with each other.
Single sign on tools are expensive and hard to understand. If you want to try this dirty solution let me know what you think about it.
1. Create a web application which acts as single sign on (sso) server application. 2. You may still have individual login screen with each web app or you can have it on sso app. 3. Each time user is authenticated, sso app should be notified about it by invoking it's URL so that sso app saves this info. 4. SSO app returns you a key (to be used as cookie value), set this as cookie on client such that all of your apps will receive this cookie. 5. Now on any of your app if client is not authenticated they will not get the cookie and should be directed to login page. 6. If we receive a cookie, verify it against sso app by invoking it's URL. 7. If sso app gives positive response, user is authenticated. 8. If sso app gives negative reponse, user is not authenticated.