Hi Meir,

we are not using LDAP. The principle of our solution is as follows:

We have written a simple Servlet that gets authenticated by Tomcat via FormLogin. The Servlet will then read the Cookie JSSOSessionID and will write the contents of this Cookie into the MySQL-DB specified by mod_auth_cookie_mysql2.

All the static content is served by Apache httpd, and the static content requires a valid user. Now Apache takes a look into the MySQL via mod_auth_cookie_mysql, checks if the stored cookie is available, and voilà: User is authorized.

Dynamic webapps are protected by Tomcat only, and since we are using the SingleSignOnValve, access is granted after the user has initially been authorized by the SingleSignOn-servlet.

Sure, you'll have to think about a few things (i.e. expiry in MySQL should be equal to Tomcat's session-timeout etc.), but that's not too difficult.

Hope that gives you the idea.

Coming to Sun's framework: Take a look at https://opensso.dev.java.net/ - if you want to utilize LDAP, you might want to give it a shot. However, for our purposes it was way too oversized.

Cheers

Greg

--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
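The cookie hand-off and expiry handling described in the message above, as an added example that is not part of the original post or of any project it names. It assumes an in-memory SQLite database standing in for MySQL and a hypothetical table `sso_cookies`; the function names are illustrative, and the real column layout must match whatever the Apache module is configured to query.

```python
import sqlite3

SESSION_TIMEOUT = 30 * 60  # seconds; assumed equal to Tomcat's session-timeout

def open_store():
    # SQLite stands in for the MySQL database; the schema is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sso_cookies ("
               "cookie_value TEXT PRIMARY KEY, "
               "username TEXT NOT NULL, "
               "expires_at INTEGER NOT NULL)")
    return db

def register(db, cookie_value, username, now):
    """Servlet side: store the SSO cookie once form login has succeeded."""
    db.execute("INSERT OR REPLACE INTO sso_cookies VALUES (?, ?, ?)",
               (cookie_value, username, now + SESSION_TIMEOUT))

def touch(db, cookie_value, now):
    """Servlet side: push expiry forward on activity, because Tomcat's
    timeout counts inactivity while a fixed row expiry would not."""
    cur = db.execute("UPDATE sso_cookies SET expires_at = ? "
                     "WHERE cookie_value = ? AND expires_at > ?",
                     (now + SESSION_TIMEOUT, cookie_value, now))
    return cur.rowcount == 1  # False: row missing or already expired

def lookup(db, cookie_value, now):
    """Web-server side: username for a live cookie, None otherwise."""
    row = db.execute("SELECT username FROM sso_cookies "
                     "WHERE cookie_value = ? AND expires_at > ?",
                     (cookie_value, now)).fetchone()
    return row[0] if row else None

def logout(db, cookie_value):
    """Remove the row on logout so the static content locks immediately."""
    db.execute("DELETE FROM sso_cookies WHERE cookie_value = ?",
               (cookie_value,))

def purge_expired(db, now):
    """Housekeeping: drop dead rows; returns how many were removed."""
    cur = db.execute("DELETE FROM sso_cookies WHERE expires_at <= ?", (now,))
    return cur.rowcount
```

Every lookup filters on `expires_at`, so a row that outlives its Tomcat session never authorizes static content even if the purge job has not yet run.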