-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sergio,
On 4/5/2011 9:03 AM, Sergio wrote: > We have an environment where there will be several instance of the same > webapp running on tomcat (sharing libraries when possible), each > connecting to different database. My idea is to have a webapp dedicated > to login, once the user login I would redirect him to the webapp of his > company (another context, user in the database is associated with > company). That sounds like a security problem waiting to happen: users can authenticate to the login webapp and then have free access to any company's webapp based just upon URL? > Something like this: > > http://webapp.strategos.net/ (WebappLogin context on tomcat) > http://webapp.strategos.net/company1/ (WebappCompany1 context on tomcat) > http://webapp.strategos.net/company2/ (WebappCompany2 context on tomcat) > > Is it possible to redirect browser to different context and share http > session that was created in the login context? HttpServletResponse.sentRedirect should always work. You just need to make sure that the session will be shared. Read the Tomcat documentation on SSO for more information. > I'm not using tomcat > authentication, the whole authentication process is done by our webapp > (if required we can change this). I don't believe Tomcat's SSO can work unless you are using Tomcat's authentication. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2ctoMACgkQ9CaO5/Lv0PDRAwCghNzyig1d8cE6lSQuNs3ij1lD 6GsAoLoFQNLIzdnq2/sQ3FF52jewndXG =aTIx -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
