Why do the have to be two machines? If they do need to be two machines, you're better off getting a server that supports clustering.
That said, does the client really need to authenticate against the second machine? What if you allow them to post the data to the first machine, then get the first machine to post the data to the second machine. If the user never knows about the secoind machine, you can put it behind a firewall accessible only by the first machine and it should be secure. Even if you still need to authenticate against the second machine, the first machine can do that and still post the data directly.
There is a third option which may not be supported by the client, and that is to get the first machine to authenticate against the second machine on behalf of the client, obtain the session id and then write the session id back to client as belonging to the domain for the second machine. You'll have to look closer at the behaviour of Cookies to see how one domain can write cookies to another domain. It's a but of a privacy risk, so many browsers disable it.
Hope this gave you some options.
posted 13 years ago
thanks for the reply... i pretty like the first idea...
actually, both of the server not located physically on the same location. the situation is like this. i will have a centralized server, second web server, with static IP and domain name.
there will be a lot of first server, connected to the internet through dial-up or broadband connection and most of them will use dynamic ip address.
both server are running on Apache Tomcat 4.0.2, and the first server's web contents will be protected with form based realm. for everyday usage, user just have to log-on the their own web server, first server, and do their stuff there.
but, there will be an occasion where users may have to activate their web server, first server, to the centralized server, second server. in order to do that, users will access activation jsp page on their web server, first server and enter their particulars there. after done, the form will be POST to the servlet on second server.
second server in event receving activation data, will then process it and then will send the result back to some jsp page on first server using response.sendRedirect GET method. the jsp page will then process the result from second server and the display it on user browser. [ May 19, 2004: Message edited by: Ariffin Ahmad ]