i have two web server:
first one running JSP pages on protected folder in tomcat.
second one running servlet, also in tomcat.

user will open a browser and go to the first web server.
after form based authentication done, user will be able to do what he want.
then, user may fill up a form, and then the form will be POST to the servlet on second server.
servlet on second server will process the form and redirect user browser to the JSP page on the first web server, with additional GET parameter.
the JSP page on first server then should take the GET parameter and display it on user browser.

the question is, how do i be able to pass the GET parameter from servlet to the JSP page on first web server. it seems that, every time i tried it, the first server keep redirect me to the login page. and after i logon, some error message displayed says it can't redirect my request.

any idea?....

Why do the have to be two machines? If they do need to be two machines, you're better off getting a server that supports clustering.

That said, does the client really need to authenticate against the second machine? What if you allow them to post the data to the first machine, then get the first machine to post the data to the second machine. If the user never knows about the secoind machine, you can put it behind a firewall accessible only by the first machine and it should be secure. Even if you still need to authenticate against the second machine, the first machine can do that and still post the data directly.

There is a third option which may not be supported by the client, and that is to get the first machine to authenticate against the second machine on behalf of the client, obtain the session id and then write the session id back to client as belonging to the domain for the second machine. You'll have to look closer at the behaviour of Cookies to see how one domain can write cookies to another domain. It's a but of a privacy risk, so many browsers disable it.

Hope this gave you some options.

Dave.

thanks for the reply...
i pretty like the first idea...

actually, both of the server not located physically on the same location.
the situation is like this.
i will have a centralized server, second web server, with static IP and domain name.

there will be a lot of first server, connected to the internet through dial-up or broadband connection and most of them will use dynamic ip address.

both server are running on Apache Tomcat 4.0.2, and the first server's web contents will be protected with form based realm.
for everyday usage, user just have to log-on the their own web server, first server, and do their stuff there.

but, there will be an occasion where users may have to activate their web server, first server, to the centralized server, second server.
in order to do that, users will access activation jsp page on their web server, first server and enter their particulars there. after done, the form will be POST to the servlet on second server.

second server in event receving activation data, will then process it and then will send the result back to some jsp page on first server using response.sendRedirect GET method. the jsp page will then process the result from second server and the display it on user browser.
[ May 19, 2004: Message edited by: Ariffin Ahmad ]