> -----Original Message-----
> From: David Potts
> Sent: 11 October 2001 10:02
> To: 'Orion-Interest'
> Subject: RE: How to get the RoleManager
>
> inline
>
> > -----Original Message-----
> > From: Mike Cannon-Brookes [mailto:[EMAIL PROTECTED]]
> >
> > That won't help - I think shared sessions only work between
> > two WARs in the same app.
>
> We could probably live with merging the two apps into WARs in
> the same EAR file. However, we've just tried that with a
> test app and with the shared flag set to be "true" in both of
> the <web-app> tags in default-web-site.xml (and also in
> default-web-app for good measure!) and we have the same
> problem: the second app again goes to the login form. Any
> ideas of what config we might have got wrong?
>
> Juan Lorandi in this thread mentioned putting shared="true"
> in orion-web.xml but we can't find that in the docs. What
> tag & attribute do we apply this to? Juan also mentions the
> same realm name, but this is just for BASIC authentication I
> believe, and we unfortunately have to use FORM based
> authentication. Is that right?
>
> > The only thing I can suggest is using some sort of cookie
> > based system where you track via session ID who is logged in
> > (stored in a hashmap or something), then from each app look up
> > that hashmap (via JNDI) and log in the user programmatically
> > before they are shown the login page. Very fugly though.
> > SSO is one of J2EE's problems.
>
> So the flow of that solution would look like:
>
> (1) User logs into app1
> (2) Store user info in JNDI somewhere that app2 can see it
> (3) The user clicks a link that would take them into app2
> (4) Intercept the login-request and use the stored info to
>     log the user into app2
>
> The problem with this flow is that we don't know how to
> intercept at step (4) *before* the user is shown the login
> form by the container. Is this possible?
>
> If not, our idea similar to this would be:
>
> (1) User logs into app1
> (2) Convince the app2 security (RoleManager?) that the user
>     is logged in using the values passed to app1
> (3) The user clicks a link that would take them into app2 and
>     is already logged in
>
> Hence the original question in this thread: how from app1 do
> we get hold of app2's RoleManager?
>
> Thanks for all the help.
>
> Dave.
>