I have 2 war files running on the same web server. There is a login jsp page in the first war. When the user login through the login page, how can I pass the userid to the second war (for example, pass the first web application userid to the session of second web application)?
There are many single sign on solution, for example you can use Netegrity products. However I use very simple solution, when a user logged in first war it stores user login information in a small file and setup its name as a cookie value with domain scope. When a user hits second war it looks for a cookie value and if it's here, then opens a file and reads credentials. Instead of file you can use a global static map, unless your servlet container provides a good isolation.
1) Store the data in a database. This would have an advantage that you could use the information even if you moved your applications to separate machines that didn't have access to the same file system. Code this to an interface and you can hide your storage mechanism.
2) Put a class of yours in the server level classloader and use a static variable (Map?) to store the information. This way any application running on this server could access the same information.
Whatever solution you choose I would code to an interface which will allow you the flexibility of switching between the above 3 mentioned implementations (save to file, save to db, store in static instance).
I solved similar problem once. Check if my ideas solves your problem.
I was asked to use same authentication information of one Web Application(say "webApp1") in another web Applcation(say "webApp2")which was running on same or different server. I did in this way,
I have an authentication information of a user for webApp1 with me. I am sending this information by encoding in URL request to the webApp2. But here webApp2 is maintaining sessions(and there was no session for the given user in webApp2), hence it took me to the login page of webApp2, which shouldn't. Hence I written another similar login class file in webApp2 but this time that class creates a session (by redirecting the request to browser)with the authentication information (encoded in URL).
In that way I solved my problem. As I didn't have much time then, I haven't explored the servlet container capabilites regarding this. Explore in that direction also.
If both of your web applications reside in the same server, then both of the web applications can be within the same protection domain boundary if you declare them in web.xml. For example:
Application 1 and 2 web.xml:
You can use FORM authentication, instead of BASIC authentication if you need to provide your own user interface for the login.
I'm using Tomcat UserDatabaseRealm for the authentication user information, but you can using JdbcRealm if you need to lookup those information in a database.
If you are using other servers, i believe that they would have similar facility for this, because the concept of protection domain boundary is a standard for servlet container.
SCJP, SCWCD, SCJWS, IBM 700,IBM 701, IBM 704, IBM 705, CA Clarity Technical<br /> <br /><a href="http://eddyleesinti.blogspot.com" target="_blank" rel="nofollow">http://eddyleesinti.blogspot.com</a>
The harder I work, the luckier I get. -Sam Goldwyn So tiny. - this ad: