• Post Reply Bookmark Topic Watch Topic
  • New Topic

Cross Domain Security with Form Authentication  RSS feed

Alon Cohen
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My application has a few domains, each of them containing web modules (WARs).
Currently, I use basic authentication as an authentication method.
Once a user successfully logged in to one of the domains, he can go on to another domain without having to do basic auth again.
I thought that this behavior is caused by a trust between the domains, but after checking it out, I found that there's no trust configured.

Anyway, I need to "upgrade" my auth method to form-based authentication.
I changed all the web.xml descriptors and wrote the forms for the authentication, and they all work.

The problem is that now every time I want to navigate to a page located in a different web module, I need to pass form auth again,
unlike previously with the basic auth.

Does anyone have a clue why that happens and how I can work this around?

Thanks in advance,
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!