I tried browsing here for information specific to this case, but could not
find anything; I apologize if my problem is trivial, but also ask to be
pointed to the right direction if possible.
The issue is, I have multiple applications in a glassfish domain, and I want
them to benefit from SSO; when a user logs into one of them, his session is
extended to the others. However, I'd like to do so using FORM authentication
and programmatic login, that is, using the login() and logout() methods of
the ServletRequest class, in its API version 3.0. When doing so, the user
logs in correctly, but the SSO cookie is not created. So, when the user goes
to another app in the same domain, his credentials need to be asserted again.
Similarly, when I use FORM authentication with the "j_security_check" action,
the SSO cookie is indeed created; but the ServletRequest.logout() method does
not logs the user out of the SSO session, hence, leading to problems too.
Maybe I'm doing something wrong? Or looking at security in the wrong way?
As stated, I'm using a jdbcRealm and FORM authentication. What I want to do
is have a simple web application to handle the authentication, and present a
menu that redirect the user to other applications. But I'd like the login to
be programmatic, as there are other actions I want to take shortly after
authenticating him.
BTW, I'm using Glassfish 3.1 (Java EE 6), and JSF 2 for the whole thing.
Thanks in advance for any help.
--
[Message sent by forum member 'javabeats']
View Post: http://forums.java.net/node/884442