Win a copy of Beginning Java 17 Fundamentals: Object-Oriented Programming in Java 17 this week in the Java in General forum!

Andres Gorostidi

+ Follow
since Aug 05, 2003
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Andres Gorostidi

Please, let me known if I am wrong of not:
With form based authentication, I only have to protect a resourse, and then specify form based authentication. A web container must implement a form with a POST action with the distniguised pseudo URL j_security_check, wich takes username and password parameters with the defined names j_username and j_password.
The container will force the user to authenticate by submitting the login form.
Then, a HTTPSESSION will be created, and mantained with the JSESSION cookie. Is true that, afterthat, the form is no longer submitted since I already have the data onf the authenticated user on the JSESSION ? Could I access to the data (getUserName) of the user only trough that session ?
If so, since the data of the session is stored on the JSESSION cookie.. What happens If I get redirected to another WebLogic Server ? What happens if a open antoher applicatoon on that server (or a different one) that has his own session ?
I am trying to develop a single sign-on architecture between Domino, IIS and WebLogic.
Initial page is on Lotus Domino Web Server, so once a user gets authenticated there, I write a cookie with the user info. On IIS I hava an ISAPI developed that automatically authenticates the user based on such info.
My question is.. Can I use JAAS to rad the info on that cookie and get automatically authenticated (without receiving and additional prompt) on WebLogic ?
I read somewhere that on Web Application Servers there is no standar API to make a user authenticated withouth submitting the application´┐Żs login form. So, I am afraid on JAAS not being similiar to ISAPI to got the sso that I need... Any workaround or idea to get it ?
Not agree... That could be some years ago, but currently, Websphere is ahead to WebLogic on terms on complaiance on J2EE standars as well as on investments, framework, "vision", utilities, and development tools.
18 years ago