The details of configuring single sign-on will depend on what server you are
using. It is pretty easy with Tomcat.

The forthcoming 1.4 version of the J2EE spec adds a logout() method to the
request interface that sounds like it could be used to achieve the
cross-context logout functionality you require.

In the meantime, it may be possible to use session listeners in all of your
apps that talk to some central session management system (that you'll need
to create). Perhaps the manager could live in the root context and make
itself available to the other contexts via JNDI. Then when a user
invalidates their session in one context, the central manager could be
notified (via a call from the listener that is present in that context) and
it would invalidate all the sessions that belong to the same user (same user
name, or perhaps the same Principal object if it is indeed the same one
across the contexts). I am not 100% sure this is possible, but it might help
give you some ideas for a solution.

-Max
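
A sketch of the listener-plus-central-manager idea from the reply above, added here as an illustration and not part of the original message. The names `CentralSessionRegistry`, `CrossContextLogoutListener` and the `sso.user` attribute are hypothetical; it assumes Servlet 2.4 or later (where `sessionDestroyed` runs while session attributes are still readable) and a registry class loaded once by a class loader shared across contexts.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical central manager. It must be loaded once by a class loader shared by all
// contexts (or handed out through JNDI); a copy per webapp would see only its own sessions.
final class CentralSessionRegistry {
    static final String USER_ATTR = "sso.user"; // assumed attribute name
    private static final ConcurrentHashMap<String, Set<HttpSession>> BY_USER =
            new ConcurrentHashMap<>();

    // Call after authentication, e.g. from a filter: register(request.getRemoteUser(), session).
    static void register(String user, HttpSession session) {
        session.setAttribute(USER_ATTR, user);
        BY_USER.computeIfAbsent(user, u -> ConcurrentHashMap.newKeySet()).add(session);
    }

    // Invalidate every registered session of this user, in every context.
    static void logoutEverywhere(String user) {
        // Remove the set first: invalidate() fires sessionDestroyed in the other contexts,
        // which calls back into this method and must find nothing left to do.
        Set<HttpSession> sessions = BY_USER.remove(user);
        if (sessions == null) return;
        for (HttpSession s : sessions) {
            try {
                s.invalidate();
            } catch (IllegalStateException alreadyInvalid) {
                // Already invalidated, e.g. the session that triggered the logout.
            }
        }
    }
}

// Declare in each application's web.xml with a <listener> element.
public class CrossContextLogoutListener implements HttpSessionListener {
    @Override public void sessionCreated(HttpSessionEvent event) {
        // The user is not known yet; registration happens after login.
    }

    @Override public void sessionDestroyed(HttpSessionEvent event) {
        Object user = event.getSession().getAttribute(CentralSessionRegistry.USER_ATTR);
        if (user != null) CentralSessionRegistry.logoutEverywhere((String) user);
    }
}
```

Because `sessionDestroyed` also fires on timeout, an idle session expiring in one application ends the user's sessions in all of them; that fails closed, but is worth knowing when choosing per-application timeouts.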

----- Original Message ----- 
From: "Dave Mulligan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 04, 2003 2:16 AM
Subject: CAM - Removing User Principal


> I'm creating a number of completely separate applications that sit on the
> same server. The only thing they have in common between them is single
> sign-on. I have the Controller app 'http://localhost:8080/' where the user
> logs in. Once logged in, the user can access any of the other applications
> /app1, /app2 etc.
>
> I'm using container managed authentication. I *believe* once the user logs
> into the '/' context path, the user principal will be available to all
> applications under that context path, i.e. '/app1'. Correct?
>
> This all works fine for me but for one problem. Logging out!
> I'm able to invalidate the session, but how do I remove the user principal
> from the request?


