This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Cross Domain Security with Form Authentication

Alon Cohen
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My application has a few domains, each of them containing web modules (WARs).
Currently, I use basic authentication as an authentication method.
Once a user successfully logged in to one of the domains, he can go on to another domain without having to do basic auth again.
I thought that this behavior is caused by a trust between the domains, but after checking it out, I found that there's no trust configured.

Anyway, I need to "upgrade" my auth method to form-based authentication.
I changed all the web.xml descriptors and wrote the forms for the authentication, and they all work.

The problem is that now every time I want to navigate to a page located in a different web module, I need to pass form auth again,
unlike previously with the basic auth.

Does anyone have a clue why that happens and how I can work this around?

Thanks in advance,
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic