• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Access protected resource (j_security_check)

 
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
We have two web applications A and B. From application A I need to access some protected specific pages/actions of B automatically without asking for login credentials from user(like SSO). Here point to be noted is that application A will have username and password of B. Authentication is going fine when I submitt stored j_username and j_password from A to j_security_check of B.
Problem I am facing is when I try to access pages/actions other than j_security_check by submitting j_username and j_password I get login page back which is not expected result. Can someone please suggest me how to solve this problem ?

I think I am looking something similar to j_uri in resin.

Thanks in advance,
[ September 02, 2007: Message edited by: Prasanna Kumar BP ]
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

From application A I need to access some protected specific pages/actions of B



If by that you mean that application A has to act like a client browser, you can use the open source HttpClient toolkit to establish a session with application B. Here is the HttpClient homepage.

Bill
 
Prasanna Puttappa
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
William, thanks for your response. I think I was not clear in my previous post. Application A will have a link to some protected pages of B. On click of the link page will be displayed in the new browser window without asking for username and password.
Btw, is there any work around or feature in Tomcat similar to J_URI ? After going through J_URI feature I think I am looking for this kind of feature in Tomcat.

Thanks,
 
Prasanna Puttappa
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
can someone please suggest a solution to my problem. Thanks in advance.
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Prasanna Kumar BP:
... I am looking for this kind of feature in Tomcat.



Moving to our Apache / Tomcat forum.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If both of the applications are running under the same instance of Tocmat, you can use Tomcat's single sign on feature.

http://tomcat.apache.org/tomcat-5.5-doc/config/host.html#Single%20Sign%20On
[ September 03, 2007: Message edited by: Ben Souther ]
 
Prasanna Puttappa
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No they are running on separate servers
 
Prasanna Puttappa
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I got the solution to my problem !!!

Hi William,
Thanks for suggesting me to use HttpClient :thumb: . While exploring HttpClient for my problem I got solution @
http://forum.java.sun.com/thread.jspa?threadID=546542&messageID=3856454


cheers,


[ September 05, 2007: Message edited by: Prasanna Kumar BP ]
[ September 05, 2007: Message edited by: Prasanna Kumar BP ]
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Prasanna Kumar BP:
I got the solution to my problem !!!


I don't understand how that helps with logging into one server, and then not having to provide the credentials to the second server, though. The code logs into one server and retrieves a web page. Where does the second server come into play?
[ September 05, 2007: Message edited by: Ulf Dittmer ]
 
Prasanna Puttappa
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
From my problem context as I mentioned before application A will have credentials of B. My approach is writting a landing servlet in A which does all the things required to retrieve content of application B's web page and write it back to browser using PrintWriter.

Hope I am clean now.
Thanks,
~Prasanna
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ah, I see. It's not really single sign-on; you're simply using the username/password from the first application to log into the second one.
 
30 seconds to difuse a loaf of bread ... here, use this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic