Hello there.
On a tomcat-7 instance I have ApplicationA, ApplicationB and the SSO valve turned on. Both applications are servlet-based and secured with the form security method.
When I use a web browser, SSO works as intended: when I open ApplicationA for the first time, I'm prompted to enter username and login. After I pass the login form I can access ApplicationB without being asked to log in.
Now the use case is: ApplicationA needs to request some content from ApplicationB. So I open ApplicationA in a web browser and enter login and password in a login form. After that ApplicationA creates an HttpURLConnection to ApplicationB to get some content, but it only gets ApplicationB's login form instead, as it is a new request which is not authenticated.
I expect ApplicationB to be accessed for a programmatic request from ApplicationA without login form because I've logged into SSO in a browser.
Also I need content from ApplicationB as a String in ApplicationA, so I'm not using requestDispatcher.include().
Is it possible?
Thank you.
What I tried is to set all cookies (there are things like JSESSIONID and JSESSIONIDSSO) and headers from my browser request on the HttpURLConnection via conn.setRequestProperty(), but no luck.