users@glassfish.java.net

Re: ProgrammaticLogin and SSO

From: <glassfish_at_javadesktop.org>
Date: Wed, 01 Oct 2008 10:21:03 PDT

> > can you explain what you meant when you said you
> > "need to use different forms for different roles?".
>
> Sure, that means that different roles in the application
> have different login pages.
> For example, simple users of the application log in on
> /login jsp page. But if someone tries to access
> /admin/*.jsp they should be redirected to
> /admin/login.jsp and so on.
>
> It means that I need to have different restriction
> zones in my application.
>
> I realized it by ProgrammaticLogin using Servlet
> Filters, but now I see that ProgrammaticLogin does not
> register my application in the SSO Engine of GlassFish.
> But I need SSO for seamless integration with other
> applications in this domain which use the same Realm

Thanks, you want to present different login forms for different parts of your app, but I am still not sure how roles will factor into the mechanism. I can expect that access to content available in one zone may require that users be mapped to different roles than is required to access content in other zones; but (this is a bit off your original question) I am curious as to whether you expect either of the following to be the case:

1. that a given user x will be able to log in at some zones, but not at others
2. that a given user x will be mapped to different roles depending on which zone they log in at.

If so, you will probably need to be able to do more than just change the way authentication is "presented" in the various zones. You will also have to change the "effect" in terms of what credentials/roles are assigned as a result of authentication.

So back to the question: we need to update our programmatic login interfaces, both as part of standardization and to achieve parity (wrt SSO) with the result achieved when the configured mechanism is invoked by the container.

It seems reasonable to enhance web programmatic login to provide an ability to produce an SSO result. Can you please create a GlassFish issue/RFE to ask that this be done? If you have any suggestions as to the change, please add them to the RFE. If you want to see how SSO is effected in GlassFish, take a look at the register method of AuthenticatorBase.java.

If you need to cause the types of additional effects that I asked you about above, then I think you probably should look into defining your own web layer authentication plugin, either as a JSR 196 auth module or a custom Tomcat Valve. Either approach would allow you to customize both the presentation and effect of authentication at different "zones" within your application, and both of the overall mechanisms can use the SSO registration facility I pointed to above.

Ron
[Message sent by forum member 'monzillo' (monzillo)]

http://forums.java.net/jive/thread.jspa?messageID=302779