This week's book giveaway is in the OCMJEA forum.
We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line!
See this thread for details.
The moose likes BEA/Weblogic and the fly likes Cross Domain Security with Form Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "Cross Domain Security with Form Authentication" Watch "Cross Domain Security with Form Authentication" New topic
Author

Cross Domain Security with Form Authentication

Alon Cohen
Greenhorn

Joined: Dec 02, 2010
Posts: 3
My application has a few domains, each of them containing web modules (WARs).
Currently, I use basic authentication as an authentication method.
Once a user successfully logged in to one of the domains, he can go on to another domain without having to do basic auth again.
I thought that this behavior is caused by a trust between the domains, but after checking it out, I found that there's no trust configured.

Anyway, I need to "upgrade" my auth method to form-based authentication.
I changed all the web.xml descriptors and wrote the forms for the authentication, and they all work.

The problem is that now every time I want to navigate to a page located in a different web module, I need to pass form auth again,
unlike previously with the basic auth.

Does anyone have a clue why that happens and how I can work this around?

Thanks in advance,
Alon
 
Consider Paul's rocket mass heater.
 
subject: Cross Domain Security with Form Authentication