Access protected resource (j_security_check)

Hi,
We have two web applications A and B. From application A I need to access some protected specific pages/actions of B automatically without asking for login credentials from user(like SSO). Here point to be noted is that application A will have username and password of B. Authentication is going fine when I submitt stored j_username and j_password from A to j_security_check of B.
Problem I am facing is when I try to access pages/actions other than j_security_check by submitting j_username and j_password I get login page back which is not expected result. Can someone please suggest me how to solve this problem ?

I think I am looking something similar to j_uri in resin.

Thanks in advance,
[ September 02, 2007: Message edited by: Prasanna Kumar BP ]

From application A I need to access some protected specific pages/actions of B

If by that you mean that application A has to act like a client browser, you can use the open source HttpClient toolkit to establish a session with application B. Here is the HttpClient homepage.

Bill

William, thanks for your response. I think I was not clear in my previous post. Application A will have a link to some protected pages of B. On click of the link page will be displayed in the new browser window without asking for username and password.
Btw, is there any work around or feature in Tomcat similar to J_URI ? After going through J_URI feature I think I am looking for this kind of feature in Tomcat.

Thanks,

can someone please suggest a solution to my problem. Thanks in advance.

Originally posted by Prasanna Kumar BP:
... I am looking for this kind of feature in Tomcat.

Moving to our Apache / Tomcat forum.

If both of the applications are running under the same instance of Tocmat, you can use Tomcat's single sign on feature.

http://tomcat.apache.org/tomcat-5.5-doc/config/host.html#Single%20Sign%20On
[ September 03, 2007: Message edited by: Ben Souther ]

No they are running on separate servers

I got the solution to my problem !!!

Hi William,
Thanks for suggesting me to use HttpClient :thumb: . While exploring HttpClient for my problem I got solution @
http://forum.java.sun.com/thread.jspa?threadID=546542&messageID=3856454

cheers,

[ September 05, 2007: Message edited by: Prasanna Kumar BP ]
[ September 05, 2007: Message edited by: Prasanna Kumar BP ]

Originally posted by Prasanna Kumar BP:
I got the solution to my problem !!!

I don't understand how that helps with logging into one server, and then not having to provide the credentials to the second server, though. The code logs into one server and retrieves a web page. Where does the second server come into play?
[ September 05, 2007: Message edited by: Ulf Dittmer ]

From my problem context as I mentioned before application A will have credentials of B. My approach is writting a landing servlet in A which does all the things required to retrieve content of application B's web page and write it back to browser using PrintWriter.

Hope I am clean now.
Thanks,
~Prasanna

Ah, I see. It's not really single sign-on; you're simply using the username/password from the first application to log into the second one.