Html-PHP help

Bryan Sant bryan.sant at gmail.com
Mon Jun 19 10:01:55 MDT 2006


On 6/19/06, Michael L Torrie <torriem at chem.byu.edu> wrote:
> Do JSP containers handle inter-server authentication?  That's the real
> problem the OP was trying to solve.  Having server A authenticate a user
> and then find a way to have server B recognize that server A had already
> authenticated and authorized the user.
>
> So this doesn't really have much to do with sessions.

The first part of the solution I mentioned in my original post would
still need to be written from scratch -- the HTTPS post inter-op
between the two servers.  However, after the authentication has taken
place, session management is still essential.  Unless you want to
re-authenticate the user with every single GET or POST (HTTP is
stateless after all).  A JSP container with no additional
configuration would handle the later and more difficult part of the
problem -- post-authentication page authorization via session
management.

Anyway, to more directly answer your question.  Yes, JSP/J2EE
containers support inter-server authentication through J2EE Realms --
just like Kerberos Realms.  Additionally you can write your own
authentication module with any custom implementation you want with the
JAAS (Java Authentication and Authorization Service) API.  Both of
these solutions are JSR standards and will work in any J2EE/JSP
container.

-Bryan



More information about the PLUG mailing list