This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Security and the fly likes Form and basic authentication issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Form and basic authentication issue" Watch "Form and basic authentication issue" New topic
Author

Form and basic authentication issue

Eshwar Prasad
Ranch Hand

Joined: Mar 21, 2008
Posts: 202
I am developing a new application A implementing form based authentication for user login. However, there is also an existing application B which is already developed with BASIC Authentication.

Both of these connect to same AD through LDAP.

Now, the issue is, if user wants to access both the application. For example, if I login to application A and accessing B will automatically authenticate and provide access without providing the pop up for the user.

The question is how to handle this scenario. Does the ldap user session remains across the browser once login?
William P O'Sullivan
Ranch Hand

Joined: Mar 28, 2012
Posts: 859

That depends.

Are these cross-domain?

You could store data in session and check for it in B.

Better yet, use something SSO based like CAS, and let it do the heavy lifting for you.

WP
 
Consider Paul's rocket mass heater.
 
subject: Form and basic authentication issue