This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes BEA/Weblogic and the fly likes Cross Domain Security with Form Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "Cross Domain Security with Form Authentication" Watch "Cross Domain Security with Form Authentication" New topic

Cross Domain Security with Form Authentication

Alon Cohen

Joined: Dec 02, 2010
Posts: 3
My application has a few domains, each of them containing web modules (WARs).
Currently, I use basic authentication as an authentication method.
Once a user successfully logged in to one of the domains, he can go on to another domain without having to do basic auth again.
I thought that this behavior is caused by a trust between the domains, but after checking it out, I found that there's no trust configured.

Anyway, I need to "upgrade" my auth method to form-based authentication.
I changed all the web.xml descriptors and wrote the forms for the authentication, and they all work.

The problem is that now every time I want to navigate to a page located in a different web module, I need to pass form auth again,
unlike previously with the basic auth.

Does anyone have a clue why that happens and how I can work this around?

Thanks in advance,
Have you checked out Aspose?
subject: Cross Domain Security with Form Authentication
It's not a secret anymore!