views:

31

answers:

2

My web application has a login-config such as this:

<login-config>
<auth-method>FORM</auth-method>
<realm-name>Some_Realm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/logerror.jsp</form-error-page>
</form-login-config>
</login-config>

This project is now a part of a group of web apps that use single sign on and there is a common login page in another war file. Is it possible to have the form login page be outside of the current war file? What is the best approach here?

((I have tried adding a redirect in my login.jsp page so that it redirects to the desired login page. If the other app can redirect to my app based on a target url that we pass to the app, will that be a solution? My attempt to do that resulted in an infinite loop for now. Not sure if it is because, my SSO implementation is not yet in place. We are planning implement SSO using cookies/tokens. )

A: 

You can not take any file outside of war file. And also the redirection approach is not good, as someone can directly heat your target URL. If you r using that redirection approach you must do using the session so that no one can directly reach the target URL. If you want me to explain how to do that tell me.....

Darshan G. Prajapati
Please explain in detail. Thanks!
jsfQ
A: 

To jsfQ

You can do using the Session as below : Keep one common login page for your both web application. Now whenever user logins through your common login page set one session attribute which will be used for security. Now you will redirect the user to one of your web application. Now what you do on the redirected application is get the session attribute which u hv set during login, if u get it null that means some one has directly heated your applications URL. So you can show the appropriate error message that please login through the login page....

Is it ok? understood?

Darshan G. Prajapati