Sharing authentication between application servers?


General J2EE: Sharing authentication between application servers?

  1. Sharing authentication between application servers? (1 messages)

    Hi, I'm developing a web portal that loads other web applications running on different J2ee application servers (JBoss and Glassfish, etc). All application servers including the one the web portal resides on have their own form based JAAS authentication enabled but they all share the same users database. The idea is as follows: 1. to have only one login page presented to users which has an iframe embedded in it for every external application and the portal. The iframe points to url that loads corresponding web application, which will be redirected to the login page of that web application. 2. a piece of javascript in the portal login page will pass user credential to individual iframes and login the user to the loaded application. I've managed to make this work, but wonder if it's possible to have something as follows: 1. to have only the application server where the portal runs to have form based JAAS authentication enabled. 2. every external web application needs to have a filter that authenticates all incoming requests. 3. every iframe holding an external web application needs to "clone" the state of the iframe that logs into the portal application server, so its requests to its own application server will have the "state" that can be authenticated by the portal application server. 4. the aforementioned filter will authenticate incoming requests by taking the "state" out of them and checking its validity against the portal application server. I'm quite new to the whole concept of JAAS based container authentication, so not sure if terms like "clone" and "state" make any sense here. But hope the above clarifies what I need to achieve. Thanks very much for any input to this! Bing

    Threaded Messages (1)

  2. Single Sign-On[ Go to top ]

    If servers share the same domain (like,, ect) you can use browser cookie to what you refer as "state", then browser will send it automatically to each of the servers. In general, you are trying to implement what is called Single Sign-On, you could look up for this term to get further references.