[jboss-user] [Security & JAAS/JBoss] - Forwarding to different webapps with given credentials (sing
mjustin
do-not-reply at jboss.com
Tue Mar 3 08:34:10 EST 2009
Hello newsgroup,
which is the recommended strategy to implement a central login page (JSP) in JBoss which can forward the user to other web application based on user access rights?
The current setup is: we have two web apps, secured with JAAS
<jboss-web>
<security-domain>java:/jaas/app_1</security-domain>
</jboss-web>
and
<jboss-web>
<security-domain>java:/jaas/app_2</security-domain>
</jboss-web>
which use basic authentication.
We need one central login form for all web apps, and a single sign on, so we need to figure out a way to forward the user to a web app using his login information, so that the second web app does not ask for name / password again.
In a new web app, we implement a login form for user name / password and a database lookup using these values, which finds the webapps the user is authorized for, and then redirects him to this web apps entry page.
I tried to use a sendRedirect with username/password encoded in the URL (http://user:pass@site/context), but unfortunately Internet Explorer did not accept the request.
I am reading about Single Sign On and Web Authentication (Programmatic Web Login) with JBoss but still I am not sure which path to follow.
All apps are on the same virtual host. We are using version 4.2.0 of JBoss.
Is this a standard problem with a best practice to solve it?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4214509#4214509
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4214509
More information about the jboss-user
mailing list