This week's book giveaway is in the Java 8 forum.
We're giving away four copies of Java 8 in Action and have Raoul-Gabriel Urma, Mario Fusco, and Alan Mycroft on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Shared Security Contexts? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Shared Security Contexts?" Watch "Shared Security Contexts?" New topic
Author

Shared Security Contexts?

Kelly Dolan
Ranch Hand

Joined: Jan 08, 2002
Posts: 109
Is there any way to configure JBoss/Tomcat or a deployment such that:

a) 2 wars within the same ear share the same security context, and
b) wars within different ears do not share the same security context?

I'm familiar with the <valve> element in server.xml in Tomcat referencing the SingleSignOn class. This provides for (a) but not (b).

Thanks!
amit taneja
Ranch Hand

Joined: Mar 14, 2003
Posts: 806
I'm familiar with the <valve> element in server.xml in Tomcat referencing the SingleSignOn class. This provides for (a) but not (b).


what is single SingleSignOn class ? what stuff ur talking about ?


Thanks and Regards, Amit Taneja
Kelly Dolan
Ranch Hand

Joined: Jan 08, 2002
Posts: 109
I'm sorry but I don't know enough to really provide details. The only thing I know (because I was told) is when the SingleSignOn class is "turned on" in Tomcat's configuration, the following behavior occurs:

1. User accesses web application A.
2. Web application A requires user to authenticate.
3. User accesses web application B.
4. Web application B trusts credentials entered in #2 (and therefore does not re-authenticate user).

The problem I am facing is that I want the above to be true for a set but not all of web applications deployed in JBoss/Tomcat.

If you want to dig deeper, I suggest going to the Tomcat documentation. The server.xml file that contains the reference to the SingleSignOn class is found in the \deploy\jbossweb-tomcat50.sar folder. The configuration looks like the following and is by default, commented out.

<Valve className="org.apache.catalina.authenticator.SingleSignOn" debug="0"/>

Hope this helps...
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60082
    
  65

Moved to the Tomcat forum.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Shared Security Contexts?
 
Similar Threads
Shared Security Contexts?
Configure Tomcat & Mysql
A Realm for more than one Webapp
Life cycle CallBacks for Enterprise beans
WAS 5 - Sharing same login between multiple WARs