Welcome to the JavaRanch, Anitha!
We'd need more information. SSO is usually provided via a plugin module to whatever security framework you are using. For example, the "CAS" SSO system has a
Tomcat Realm plugin.
SSO is not generally coded into apps, since there are many reasons why it's preferable that security be an external matter - not least of which is that most developer-designed security systems are anything BUT secure. Instead, the security is applied externally. The Tomcat security Realm, for example, is an implementation of the Container-Managed Security component of
J2EE and JEE.
