Hello newsgroup, which is the recommended strategy to implement a central login page (JSP) in JBoss which can forward the user to other web application based on user access rights? The current setup is: we have two web apps, secured with JAAS <jboss-web> <security-domain>java:/jaas/app_1</security-domain> </jboss-web> and <jboss-web> <security-domain>java:/jaas/app_2</security-domain> </jboss-web> which use basic authentication. We need one central login form for all web apps, and a single sign on, so we need to figure out a way to forward the user to a web app using his login information, so that the second web app does not ask for name / password again. In a new web app, we implement a login form for user name / password and a database lookup using these values, which finds the webapps the user is authorized for, and then redirects him to this web apps entry page. I tried to use a sendRedirect with username/password encoded in the URL (http://user:pass@site/context), but unfortunately Internet Explorer did not accept the request. I am reading about Single Sign On and Web Authentication (Programmatic Web Login) with JBoss but still I am not sure which path to follow. All apps are on the same virtual host. We are using version 4.2.0 of JBoss. Is this a standard problem with a best practice to solve it? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4214509#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...