Hi All- I'm working on a web-app launcher. The essential idea is to provide users with a centralized, secure web portal from which they can launch other web applications. The other applications will reside in Tomcat servers different from the portal Tomcat server.
Each application will be protected by standard J2EE security implemented with j_security_check. I'd like to be able to forward to applications and automatically negotiate the j_security_check so that user's don't have to log on once they've already presented their credentials to the portal application (i.e. single sign-on). Is it possible to formulate an href url that simultaneously specifies the target resource and the credentials being passed to j_security_check? I note that in the packet sent in the j_security_check post, all the information needed is present. If the read the packet right, the Referrer in the http header contains the information about the desired "protected" resource. Is this Referrer used by j_security_check to forward a request on to the desired destination? If so, is it possible to set up a servlet that could manipulate the Referrer in the header, and redirect a request along to an application in another Tomcat server, making it look like a post to j_security_check, complete with referrer, j_username and j_password? Any suggestions or comments are welcome and appreciated. Thanks, Jim -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
