tomcat-dev mailing list archives

From Assaf Arkin <ar...@exoffice.com>
Subject Re: login-config handling (was Re: Help with Interceptors)
Date Fri, 11 Feb 2000 20:13:56 GMT
> What you say is true about sessions (they are specific to a servlet context),
> but not necessarily true for general user authentication.  The 2.2 spec allows a
> container to implement "single sign on" authentication for multiple web apps on
> the same server, although it gives precious few details on how to do this in a
> portable manner.  I would hope that would be clarified in the next round.

I guess my question, since I want to see one login for the entire realm
(and all contexts), is how can you specify that in the DD?

 
> In the Catalina architecture this would not be terribly hard to implement,
> because you can attach a Realm at any level in the containment hierarchy.
> However, there'd still be some issues about how you configure the session id
> cookies for each app, plus how to decide which context to use for the actual
> authentication rules.

What happened to SecurityProvider? I find it easy to work with a single
SecurityProvider where 'realm' is passed as an argument, rather than a
Realm per realm.

> 
> >
> > What you want to do is be able to carry the login from one context to
> > another. Once you logged into one context, you are automatically logged
> > on in the other. Have no clue how to make it happen, but I think that's
> > how it should work.
> >
> 
> What we're saying is that the values returned by getRemoteUser() and
> getUserPrincipal() would be global to multiple apps, with only a single login
> challenge.  The sessions would still be unique per context, but you'd be able to
> count on the fact that the container authenticated the user for you.

If it can be done that way, all the better!

arkin

> 
> Craig McClanahan
> 

-- 
----------------------------------------------------------------------
Assaf Arkin                                           www.exoffice.com
CTO, Exoffice Technologies, Inc.                        www.exolab.org
