This looks like a viable solution. JAAS, etc looks like an overkill. What does jaas offer more? looks like i will have to change my entire authentication mechanism to integrate jaas. any significant advantages?
thnx, amol ----- Original Message ----- From: "Ryan Cornia" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, October 22, 2002 7.11 PM Subject: Re: Single sign on? > What I do is encrypt a domain level session cookie. Then, in all my apps > I can check for/decrypt the cookie to know if the user is logged in, and > who the user is. (I put username/email in the cookie, but you could put > whatever information you want.) I encrypt it so that its more secure and > can't be "faked". > > This has worked well for me, with about 5 web apps using the system. It > is also nice, because if you use a domain level cookie, you can do > single sign-on across servers..... > > Ryan > > > > >>> [EMAIL PROTECTED] 10/22/02 03:35AM >>> > This is not *purely* a struts question... > > I have multiple webapps, all using struts framework having their own > config files, etc. > No issues so far. > > Each webapp has got its own login scheme. > When a user logs in to one of the webapps, i want to automatically log > her into the other webapps so that i can give links from one webapp to > jsp pages of the other webapp directly. > ( i am using <app:CheckLogon kind of a thing which checks for a webapp > specific attribute in the session which is set by the respective > webapp's authentication module. ) > Something like single sign on. > Assume that the user password is same across webapps. > > Any known design scheme to achieve the same?? > > thnx, > amol > > -- To unsubscribe, e-mail: <mailto:struts-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:struts-user-help@;jakarta.apache.org>