I am developing a web application using JSP & Servlets (Container: Tomcat7, Database: Oracle10).
I have developed some web applications like Profile, Reports, Leads. Then I have developed a Login application. In this application I am storing USERID in Session with some more session attributes.
After the user logs in, he will be shown a menu which contains links to other applications, like links to the Profile application.
So when I access Session after the user logs in: Profiles, then I get the session as null.
Code snippet to check session (Servlet Filter in Login web application):
    HttpSession session = request.getSession(false);
    if (session == null)
    {
        System.out.println("Session does not exist... Redirected to LOGIN Page.");
        response.sendRedirect("/ApplicationName/Login.jsp");
    }
I am accessing the session in the Profile application to check whether the user is logged in or not.
Then I searched, and I found that Session can't be accessed from other applications for security reasons. (I have also found that it can be done by setting crossContext="true".)
Then I found another option, like making an EAR of all applications and then deploying it, but unfortunately EAR is not supported by Tomcat7.
I am new to the web environment, so if anyone has worked on this before then please let me know what the options can be.
Thanks in advance
Update1
Now I have decided to use EAR, in which I will pack all WAR files and then I will try to share the session between them. Since Tomcat doesn't support EAR, I have installed Oracle Glassfish. Then I have created an Enterprise Application Project which contains two applications, 1. Login and 2. Profiles, and then created an EAR file and deployed it on Glassfish. So I want to share the session between those two applications (on Glassfish), so if anybody has any idea about it then please let me know. (A link to any tutorial will also be appreciated.)
As pointed out above, the requirement you are talking about is Single Sign On (SSO). The simplest SSO that you can implement is the following:
Use AES-256 for the encryption.
The way I have seen this done in my shop is to stuff the login credentials into an encrypted cookie and install agents (Java filters, web server mods, etc., in front of the applications that need the user data) that will decrypt the cookies and pass along the data to the downstream applications. Do not store login information in the HTTP session if you want to share it across applications.
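
The encrypted-cookie approach from the answers above, as an added example that is not code from the original posts. Assumptions: the class `SsoCookie` and its `seal`/`open` methods are hypothetical names, AES-256 is used in GCM mode so a modified cookie is rejected, the cookie carries only the USERID and an expiry time, and every application loads the same secret key (a throwaway key is generated here for the demo).

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

/** Hypothetical helper: seals "userId|expiryMillis" into a cookie value with AES-256-GCM. */
public class SsoCookie {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();

    /** Login application: call after authentication; the result is the cookie value. */
    static String seal(SecretKey key, String userId, long expiresAtMillis) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);                                   // fresh nonce for every cookie
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal((userId + "|" + expiresAtMillis).getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    /** Filter in Profile/Reports/Leads: returns the user id, or null if the cookie is altered or expired. */
    static String open(SecretKey key, String cookieValue, long nowMillis) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(cookieValue);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            String[] parts = new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8).split("\\|");
            return (parts.length == 2 && Long.parseLong(parts[1]) > nowMillis) ? parts[0] : null;
        } catch (GeneralSecurityException | RuntimeException e) {
            return null;                                     // any failure means "not logged in"
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);                                        // demo key; real deployments share one stored key
        SecretKey key = kg.generateKey();
        long now = System.currentTimeMillis();
        String cookie = seal(key, "user42", now + 30 * 60 * 1000L);   // "user42" is a constructed sample id
        System.out.println("valid:    " + open(key, cookie, now));
        System.out.println("expired:  " + open(key, cookie, now + 31 * 60 * 1000L));
        String tampered = (cookie.charAt(0) == 'A' ? 'B' : 'A') + cookie.substring(1);
        System.out.println("tampered: " + open(key, tampered, now));
    }
}
```

When the value is set as a cookie, mark it HttpOnly and Secure and scope its path so that all of the applications receive it.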