FR wrote:
The standard workaround mentioned is to place user information in
session, but that won't work across webapps using Single Sign On. I
have a bunch of webapps, only one of which is protected and requires
login, the rest work fine without logging in, but display different
information when the user is logged in. This worked great when
getUserPrincipal returned a Principal on every URL after login, but I
can't figure out any way to do it now. I can just pass the userid
around in every URL, but that seems... not good... and involves
changing a lot of links.
Is there any way of seeing if a user has been authenticated (and get
their username) that works across webapps?
I don't see a way to do this without changing the SSO code. I haven't
looked at the SSO code so some of this may already be there. You'd need to:
- always send the SSO cookie
- always check for the cookie and process it regardless of whether or not
authentication is required.
The patches at the end of
https://issues.apache.org/bugzilla/show_bug.cgi?id=1242 may give you some
pointers although they are hard to read as they are in the wrong format.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
