George, We are planning to incorporate Axis into our web application by referencing the Axis servlets in web.xml and placing the Axis jars in WEB-INF/lib. The Axis servlets and our servlets and JSPs will be in the same web application (i.e. same Tomcat context root) and therefore share Sessions. This will give us a single sign-on capability. The downside is that if a third-party client were to access our web service they would need to login using our form-based login mechanism which essentially rules out machine-to-machine interaction. For us that is ok, but you would have to consider that for your own project. See http://ws.apache.org/axis/java/install.html#advanced for a discussion of embedding Axis in your own web application.
-Mark -----Original Message----- From: George Armhold [mailto:[EMAIL PROTECTED] Sent: Friday, August 06, 2004 12:50 PM To: [EMAIL PROTECTED] Subject: single sign-on for Tomcat+Axis? I'm wondering if someone could suggest what might be a "best practice" for implementing single-sign-on for Tomcat/Axis. I have an app that is partially web-based (servlets and JSPs), and partially Swing-based. The Swing portion talks to the server over SOAP using Axis. I'd like the user to be able to log in once, and have his session carry over from the web half to the Swing/SOAP half, and vice-versa. I have a couple of "DIY" approaches in mind, but I would like to know if there is something standard out there. The first DIY approach that comes to mind is to have Axis/SOAP implement the true login "session", and make the servlets log in via SOAP as well. Then the servlets pass SOAP session IDs to any Swing clients they launch via JNLP. This sounds possible, albeit kind of kludgy. Is there a more standard solution? Thanks.
