Hardik Shah wrote:
my first and last goal about that i want to maintain single sign on without
storing user information in session
i have also integrated hibernate with it ,can i use for achieve somthing
like or not?
Do you mean single sign-on as in across multiple domains or webapps? If
so, this will probably be container specific.
If you mean a stateless authentication approach (ie. they sign in once,
then each subsequent request includes the credentials so you don't have
to maintain a session for them), then:
- use HTTP basic (or digest) so the browser must authentic each request
- this will need to be setup in your container
- if you use a JDBC realm, then, with tomcat at least, you can allow
tomcat to access the tables directly and use your own webapp to
add/remove users in those tables.
To avoid the terrible browser pop-up for credentials:
- if the user has javascript, perform login via an asynchronous request;
- if the user doesn't have javascript, allow the container to redirect
them to a plain old J2EE login page
When you have a HTTP server in front of your J2EE container it gets a
little more complicated; I'm not too sure about that.
This isn't as trivial as it should be. There may be a better approach.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
