I'm wondering if someone could suggest what might be a "best practice" for implementing single-sign-on for Tomcat/Axis. I have an app that is partially web-based (servlets and JSPs), and partially Swing-based. The Swing portion talks to the server over SOAP using Axis. I'd like the user to be able to log in once, and have his session carry over from the web half to the Swing/SOAP half, and vice-versa. I have a couple of "DIY" approaches in mind, but I would like to know if there is something standard out there.
The first DIY approach that comes to mind is to have Axis/SOAP implement the true login "session", and make the servlets log in via SOAP as well. Then the servlets pass SOAP session IDs to any Swing clients they launch via JNLP. This sounds possible, albeit kind of kludgy. Is there a more standard solution?
Thanks.
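A variation on the second approach above, as an added example that is not part of the original post: rather than writing the SOAP session ID itself into the JNLP file, which is downloaded and may be cached on the client, the servlet writes a short-lived, single-use ticket that the Swing client exchanges for its own session when it logs in over SOAP. The class name `HandoffTickets`, the 60-second lifetime and the sample user are assumptions; only JDK classes are used, nothing from Tomcat or Axis.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: one-time tickets handed from the web session to the Swing/SOAP client. */
public final class HandoffTickets {
    private static final long TTL_MILLIS = 60_000;            // assumption: 60 s to launch the client
    private static final SecureRandom RNG = new SecureRandom();

    private static final class Entry {
        final String user; final long expiresAt;
        Entry(String user, long expiresAt) { this.user = user; this.expiresAt = expiresAt; }
    }

    private final Map<String, Entry> pending = new ConcurrentHashMap<>();

    /** Called by the servlet that generates the JNLP, for an already authenticated user. */
    public String issue(String user, long now) {
        pending.values().removeIf(e -> e.expiresAt <= now);   // drop tickets that were never redeemed
        byte[] raw = new byte[32];                            // 256 bits, unguessable
        RNG.nextBytes(raw);
        String ticket = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(ticket, new Entry(user, now + TTL_MILLIS));
        return ticket;                                        // goes into the JNLP <argument>
    }

    /** Called by the SOAP login operation; returns the user name, or null if the ticket is invalid. */
    public String redeem(String ticket, long now) {
        if (ticket == null) return null;                      // ConcurrentHashMap rejects null keys
        Entry e = pending.remove(ticket);                     // atomic remove makes the ticket single-use
        return (e != null && e.expiresAt > now) ? e.user : null;
    }

    public static void main(String[] args) {
        HandoffTickets tickets = new HandoffTickets();
        long t0 = System.currentTimeMillis();
        String t = tickets.issue("alice", t0);                // constructed sample user
        System.out.println(tickets.redeem(t, t0 + 1_000));    // first use within the TTL
        System.out.println(tickets.redeem(t, t0 + 2_000));    // replay of the same ticket
        String late = tickets.issue("alice", t0);
        System.out.println(tickets.redeem(late, t0 + TTL_MILLIS + 1)); // redeemed after expiry
    }
}
```

The same store works in the other direction (Swing client to browser), and the JNLP and SOAP endpoints should be served over TLS so the ticket is not exposed in transit.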
