
Sharing authentication between application servers?


I'm developing a web portal that loads other web applications running on different J2EE application servers (JBoss and Glassfish, etc).

All application servers, including the one the web portal resides on, have their own form-based JAAS authentication enabled, but they all share the same users database.

The idea is as follows:
1. to have only one login page presented to users, which has an iframe embedded in it for every external application and the portal. The iframe points to a URL that loads the corresponding web application, which will be redirected to the login page of that web application.
2. a piece of JavaScript in the portal login page will pass the user's credentials to the individual iframes and log the user in to the loaded application.

I've managed to make this work, but wonder if it's possible to have something as follows:
1. to have only the application server where the portal runs to have form based JAAS authentication enabled.
2. every external web application needs to have a filter that authenticates all incoming requests.
3. every iframe holding an external web application needs to "clone" the state of the iframe that logs into the portal application server, so its requests to its own application server will have the "state" that can be authenticated by the portal application server.
4. the aforementioned filter will authenticate incoming requests by taking the "state" out of them and checking its validity against the portal application server.

I'm quite new to the whole concept of JAAS-based container authentication, so I'm not sure if terms like "clone" and "state" make any sense here. But I hope the above clarifies what I need to achieve.

Thanks very much for any input to this!
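
Step 4 of the proposed design (the filter takes the "state" from a request and checks it against the portal) can be sketched as follows; this is an added example, not part of the original post. The `/validate` endpoint, the bearer-token header, the in-memory session map and all class and method names are assumptions made for illustration, and the portal is simulated with the JDK's built-in HTTP server so the check runs on its own.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Optional;

public class PortalSessionCheck {
    // Constructed sample data: tokens the portal issued at login, mapped to users.
    static final Map<String, String> PORTAL_SESSIONS = Map.of("tok-alice-1", "alice");

    // Stand-in for the portal (hypothetical endpoint): 200 + user name, or 401.
    static HttpServer startPortal() throws IOException {
        HttpServer s = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        s.createContext("/validate", ex -> {
            String h = ex.getRequestHeaders().getFirst("Authorization");
            String user = (h != null && h.startsWith("Bearer ")) ? PORTAL_SESSIONS.get(h.substring(7)) : null;
            byte[] body = user == null ? new byte[0] : user.getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(user == null ? 401 : 200, body.length == 0 ? -1 : body.length);
            if (body.length > 0) ex.getResponseBody().write(body);
            ex.close();
        });
        s.start();
        return s;
    }

    // What the filter in each external application does per request: fail closed.
    static Optional<String> authenticate(String token, String portalBase) {
        if (token == null || token.isEmpty()) return Optional.empty();
        try {
            HttpURLConnection c = (HttpURLConnection) new URL(portalBase + "/validate").openConnection();
            c.setConnectTimeout(2000);
            c.setReadTimeout(2000);
            // Token goes in a header, not the URL, so it stays out of access logs.
            c.setRequestProperty("Authorization", "Bearer " + token);
            if (c.getResponseCode() != 200) return Optional.empty();
            String user = new String(c.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
            return user.isEmpty() ? Optional.empty() : Optional.of(user);
        } catch (IOException | IllegalArgumentException e) {
            return Optional.empty(); // portal unreachable or malformed token: deny
        }
    }
    public static void main(String[] args) throws IOException {
        HttpServer portal = startPortal();
        String base = "http://127.0.0.1:" + portal.getAddress().getPort();
        System.out.println(authenticate("tok-alice-1", base)); // token the portal knows
        System.out.println(authenticate("forged", base));      // token it never issued
        portal.stop(0);
    }
}
```

In a deployed application the `authenticate` call would sit inside a servlet `Filter`'s `doFilter` method, with the back-channel request to the portal made over TLS.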
