Ilya Cyclone

+ Follow
since Feb 28, 2010
Merit badge: grant badges
For More
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Ilya Cyclone

Hello there.
On a tomcat-7 instance I have ApplicationA, ApplicationB and SSO vavle turned on. Both applications are servlet-based and secured with form security method.
When I use web browser, SSO works as intended: when I open ApplicationA for the first time, I'm prompted to enter username and login. After I pass login form I can access ApplicatioB without being asked to login.

Now the usecase is: ApplicationA needs to request some content from ApplicationB. So I open ApplicationA in web browser and enter login and password in a login form. After that ApplicationA creates HttpUrlConntection to ApplicationB to get some content but it only gets ApplicationB's login form instead as it is a new request which is not authenticated.
I expect ApplicationB to be accessed for a programmatic request from ApplicationA without login form because I've logged into SSO in a browser.

Also I need content from ApplicationB as a String in ApplicationA, so I'm not using requestDispatcher.include().

Is it possible?
Thank you.

What I tried is to set all Cookies (there are things like JSESSIONID and JSESSIONIDSSO) and headers from my browser request to HttpUrlConnection via conn.setRequestProperty() but no luck.
Hi Coderanch,

I'm developing some J2EE applications that should have common login point. My apps are hosted on GlassFish v3 application server.

There is web.xml based security with FORM method (a HTML form with "j_security_check" action) and JDBC Realm on PostgreSQL 8.4 datasource. It worked absolutely fine while GlassFish SSO was disabled.

Now SSO is enabled on GF's HTTP Service page and it really works fine when I need to log in. Each my application lets a logged user in. But here is another problem.

My logout servlet not always works at first time. It happens quite often (but not each time) that I stay logged in after my logout servlet has done processed the request with no exceptions.
It never happened until SSO was enabled.
Servlet code is below.

I would be pleased for some useful hints.

14 years ago
Hi Thamu,

in yout JSP there should be smth like:

14 years ago
Hi Coderanch.
In my J2EE 5 application I have a JDBC Realm based security with Form method. Encrypt method is MD5 as default.
The database is PostgreSQL 8.4 installed locally (or 8.3 available via lan).

My app used to work finely on GlassFish v2.1 server with PostgreSQL 8.3, but now I need to deploy it on GlassFish v3.
I am absolutely sure I have done all the same config on GFv3 like creating Connection Pool (which pings with no problem), JDBC Resource and JDBC Realm.

But on GFv3 I get login exception with "invaliduserreason" while the database schema is just created from the working database script.
I have checked the data and entered login/password thousand times and it seems that data is all right.

So where can I find the reason of unworking security? Please, advice.

NetBeans 6.8
Hi Coderanch,

I want to build a web application which could start and stop deployed J2EE application.
All applications (including the one to build) are deployed on the same domain.
The app server is GlassFish v3 (preferred IDE is NetBeans 6.8).

Please, advice me, where to look for the answer?
14 years ago