tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kenneth topp <cau...@prodigy.net>
Subject Re: Sharing sessions across contexts?
Date Sat, 07 Oct 2000 01:54:37 GMT

On Fri, 6 Oct 2000, Raimee wrote:

> When you say the user id is propogated accross all webapps, I infer
> that it should be availible to a servlet in any context. Though, I'm
> not certain how
> 
> a servlet would obtain it; if it can't be bound to a session. Now,
> when you say that servlets running in different contexts can be
> 'combined' into a single context - from the point of view of the
> servlet container - you've lost me. Am I to infer

yes, it likely uses basic authentication (the web browsers popup).  This
is essential a politically correct cookie, that requires the users
initial input..  It also has the limitation of one URL host only.. it can
be further restricted by a "realm" but you cannot use it two website urls:

  my.example.com and www.example.com

> 
> that a Webapp can span multiple contexts? How is this achieved?
> Obviously I don't know anything about Ant. And that's probably where I
> am going to look next.

ant?  oh, trying to dig into 4.x? heh.

> 
> However, I have essentially an identicle problem: I require 'single
> sign on' support for two seperate webapps, and I must be able to
> access the userId from servlets in either context, once again, I'm not
> sure how that is achieved.

Perhaps some clarification should be made, are these separate webapps at
different host urls?  if they are your only choice is interceptor/valve,
and setting a cookie (that is if they are under the same example.com
domain).  If they aren't you can still do it, but it would be more
complex.

> It seems that it's time to upgrade to Tomcat 4.x. Last time I checked
> however the DBRealm feature was tagged as Experimental. An attractive
> feature that would integrate nicely esspetially for the single sign on
> requirement.

Yeah, but I don't think this technology is anything more then what apache
can do for you with a more stable 3.x.  Then again, any custom
authentication code wouldn't be java ;)

Kenneth Topp

> 
> Raimee
> 


Mime
View raw message