Single Sign-on with Multiple Servlets and JSPs
I am in the midst of attempting to logically tie together a number of our
web applications under a single sign-on "umbrella". What we want is the
following: for any n applications a user may have access rights for up to n
of them. Once signed in, she has rights to visit any app to which she has
permissions as long as her session is valid. Unfortunately, I'm having
trouble seeing how to make this work given the documentation that I have.
I've read thru the newsgroup in search of a solution, but I haven't seen
anything geared toward this specific approach.
Currently, each "application" (servlet) has a list of valid users via ACLs
(we've implemented a RealmExtender, so we're not going via props file
entries), and we let the browser pop-up window enforce the sign-on. This
has worked exactly as we wish (single sign-on, etc.), for testing, but we'd
really rather have our own form-based sign-on for production.
To that end, we've done the following:
1) implemented a JSP form-based sign-on (basically ripped off from the
example provided by BEA), which does a "ServletAuthentication.weak()" check
to confirm identity.
2) placed the following code (essentially) within the service() method of
our servlet superclass, which I thought would force another check. My
intention is to disallow the user from "jumping into" an app thru a
shortcut, and thereby bypassing security.
HttpSession session = request.getSession(true);
if (session.isNew()) {
response.sendRedirect(welcomeURL);
However, we can't get the form-based approach to mimic the functionality of
the default browser pop-up: the sign-in doesn't seem to "follow" the user
the way it did with the pop-up. Instead, when I come in thru our login
page, the browser pop-up is still appearing when I click the link for an
app for which to which I have permissions.
Is the default browser pop-up doing something different that I should know
about? Seems like this should be simple to do, but it's surprisingly subtle
(or maybe I'm just clueless).
TIA
Well, if you want to hear my personal opinion:
better stick to the cookie specification (http://wp.netscape.com/newsref/std/cookie_spec.html) and accept the constraint that cookies will only be send to domains that tail-match the domain-constraint specified in the set-cookie http response.
Although this specification is not an official internet standard most browsers are implementing the cookie mechanism according to this specification.
Unfortenately there's no option to specify that a cookie should be send to a list of servers and/or sub-domains.
However one physical server can have multiple (FQDN) hostnames. So if you intend to send the cookie to a group of servers the best approach is to create a new (DNS) (sub-)domain exclusively for those servers.
Theoretically (and also practically) it is possible to set cookies for multiple domains (by using a webservice that will set cookies on request of a caller). But that approach is dangerous:
(1) not the server but the http client is defining the content of the cookie (= part of the http server response)
(2) (unintended) many servers can obtain the cookie which will be send to all servers that reside in all (tail-matching sub-)domains; although most likely only one or two servers of each domain are intended recipients
Regards, Wolfgang
Similar Messages
-
ADFS single sign-on with office 365 and multiple forests
I have 2 forests with one of them (Forest A) only running Exchange / Office 365 in hybrid mode. The other forest (Forest B) has my AD accounts for everyday user login and work. Is there a way to set up ADFS between these 2 forests in order for Forest B
to achieve single sign-on to office 365? Today users have to login with separate office 365 accounts in order to access email and sharepoint. Short of migrating Forest A into Forest B and getting down to one forest / domain, is there anything else we can do
to achieve single sign-on?Hi,
Based on my research, we can have one ADFS farm servicing multiple forests, here are some related articles below for your references:
Multi-forest and Multi-tenant scenarios with Office 365
http://blogs.technet.com/b/educloud/archive/2013/08/02/multi-forest-and-multi-tenant-scenarios-with-office-365.aspx
Hybrid Deployment Prerequisites
http://technet.microsoft.com/en-us/library/hh534377(v=exchg.150).aspx
SupportMultipleDomain switch, when managing SSO to Office 365
http://blogs.technet.com/b/abizerh/archive/2013/02/06/supportmultipledomain-switch-when-managing-sso-to-office-365.aspx
For more information about Office 365, I suggest you refer to Office 365 community below:
http://community.office365.com/en-us/f/default.aspx
Best Regards,
Amy -
Single Sign-On with multiple shops in E-Commerce 7
I have more than one shop and everything is working fine.
Right now I want to do a single sign on.
I have it working in a previous version. e-commerce v4
I'm developing in e-commerce v7.
The class PrepareLoginAction.java exists.
The action "/preparelogin" exists in the file config_user.xml, but never used.
Can anyone know why or how I can use PrepareLoginAction in v7.
Any help will be much appreciated.
Thanks in advance.Well, if you want to hear my personal opinion:
better stick to the cookie specification (http://wp.netscape.com/newsref/std/cookie_spec.html) and accept the constraint that cookies will only be send to domains that tail-match the domain-constraint specified in the set-cookie http response.
Although this specification is not an official internet standard most browsers are implementing the cookie mechanism according to this specification.
Unfortenately there's no option to specify that a cookie should be send to a list of servers and/or sub-domains.
However one physical server can have multiple (FQDN) hostnames. So if you intend to send the cookie to a group of servers the best approach is to create a new (DNS) (sub-)domain exclusively for those servers.
Theoretically (and also practically) it is possible to set cookies for multiple domains (by using a webservice that will set cookies on request of a caller). But that approach is dangerous:
(1) not the server but the http client is defining the content of the cookie (= part of the http server response)
(2) (unintended) many servers can obtain the cookie which will be send to all servers that reside in all (tail-matching sub-)domains; although most likely only one or two servers of each domain are intended recipients
Regards, Wolfgang -
Help With Integrating Servlet and JSP Page?
Hello There
--i made jsp page that contain name and description fields and add button
--and i made servlet that contain the code to insert name and description in the database
--and i want to make that when the user hit the add button
-->the entered name and description is sent to the servlet
and the servlet sent them to database?
here's what i 've done:
the jsp code:
<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>
Categories Page
</title>
<html:base/>
</head>
<body style="background-color: white">
<form action="jpage.jsp" method="get">
<h1>
<center>
categories Operations
</center>
</h1>
<h3>
<label>Name</label>
<input type="text" name="name" value="" size="10" />
<label>Description</label>
<input type="text" name="description" value="" size="10" />
<input type="submit" value="Add" name="button" />
</h3>
</form>
</body>
</html:html>the servlet code:
import java.io.*;
import java.util.Enumeration;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.net.*;
class NewServlet1 extends HttpServlet{
Connection conn;
private ServletConfig config;
public void init(ServletConfig config)
throws ServletException{
this.config=config;
public void service (HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
HttpSession session = req.getSession(true);
res.setContentType("text/html");
try{
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection("jdbc:mysql://localhost/struts", "root", "");
PreparedStatement ps;
ps = conn.prepareStatement ("INSERT INTO categories (Name, Description) VALUES(?,?)");
ps.setString (1, "aa");
ps.setString (3, "bb");
ps.executeUpdate();
ps.close();
conn.close();
}catch(Exception e){ e.getMessage();}
public void destroy(){}
}The JSP Code:
<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>
Categories Page
</title>
<html:base/>
</head>
<body style="background-color: white">
<form action="actionServlet.do?action=Additem" method="*post*">
<h1>
<center>
categories Operations
</center>
</h1>
<h3>
<label>Name</label>
<input type="text" name="name" value="" size="10" />
<label>Description</label>
<input type="text" name="description" value="" size="10" />
<input type="button" value="Submit">
</h3>
</form>
</body>
</html:html>The Servlet Code:
import java.io.*;
import java.util.Enumeration;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.net.*;
public class NewServlet1 extends HttpServlet implements SingleThreadModel {
public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException,IOException {
doPost(request,response);
public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException,IOException {
String action = request.getParameter("action"); // action = "Additem"
if (action.equals("Additem")) {
String name = request.getParameter("name");
String description = request.getParameter("description");
RequestDispatcher reqDisp = null;
try{
Connection conn;
PreparedStatement ps;
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection("jdbc:mysql://localhost/struts", "root", "");
ps = conn.prepareStatement ("INSERT INTO categories (Name, Description) VALUES(?,?)");
ps.setString (1, name);
ps.setString (3, description);
ps.executeUpdate();
ps.close();
conn.close();
reqDisp= request.getRequestDispatcher("./index.jsp");
reqDisp.forward(request, response);
catch (Exception ex){
System.out.println("Error: "+ ex);
}The web.xml code:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>2</param-value>
</init-param>
<init-param>
<param-name>detail</param-name>
<param-value>2</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>NewServlet1</servlet-name>
<servlet-class>NewServlet1</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>NewServlet1</servlet-name>
<url-pattern>/NewServlet1</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>actionServlet</servlet-name>
<servlet-class>com.test.servlet.NewServlet1</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>actionServlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
</web-app> -
Single access point with multiple ssids and single channel possible?
Hi everybody.
I have this silly question.
Let say we have three vlans, vlan1,2,3 and they are mapped to wlans as follows:
Vlan 1 ssid1
Vlan 2 ssid2
Vlan3 ssid 3
AP --------trunk------Switchted network.
Our Ap has mobile devices in three wlans, i.e ssid1ssid2 and ssid3
Since AP uses half duplex mode, mobile devices need positive ack from ap before they can send data, therefore once channel let say channel 3( assuming 802.11b is used) can be shared by all mobile devices in three wlans.
Is my understanding correct?
Thanks and have a great weekend.Hii ,
Yes ,that is pretty much possible as suggested by other experts on board. Depending on your access point you will have 1 (2.4 GHz) or both 2.4 & 5GHz radios.
You can configure multiple SSIDs (up to 16 ) known as MBSSID mode in autonomous environment. In Controller based architecture you can configure up to 512 WLAN (SSID) and transmit any 16 of them per AP (using AP group feature). However , it is recommended to keep multiple SSID count below 8 as for each SSID separate beacon will be sent on air which consumes more air time.
Hope this helps
Thanks
Vinay -
Can I sign in with multiple apple IDs in a single apple device without deleting my previous one?
can I sign in with multiple apple IDs in a single apple device without deleting my previous one?
Hi swagyoloswag,
Welcome to the Apple Support Communities!
There are several different services that require signing into an Apple ID to use on your iOS device. You can sign into different Apple IDs for different services on your iPhone. For example, Apple ID #1 for iCloud and Apple ID #2 for iTunes & App Store. You cannot sign into the same service with two different Apple IDs at the same time. The attached article has a list of services that are accessible with your Apple ID.
Where can I use my Apple ID? - Apple Support
Cheers,
Joe -
Creating FOrums with Servlet and JSP
Hi everyone,
Is there a good resource that explains how to build a forum using servlets and JSP technology?
Regards,
Basil Mahdiplease let me know here if you find any useful resources...I am in the process of writing my own searchable threaded forum for my company with JSP's/servlets. It's a very slow process at the moment though...if I ever finish it, I'll gladly share it.
-
Implementing single sign on across multiple web apps
Hi
I was wondering if somebody could help me. I need to implement single sign on
for multiple web apps deployed in separate WARs in a single EAR file. I need
to authenticate against an LDAP server and ensure that the user only has to sign
on once per user session even if the user navigates between web apps. The weblogic
docs only seem to go so far, i.e. "Single sign on works if each web app uses the
same cookie" etc. So I see that, apart from buying WebLogic Enterprise Security
there are only two ways of doing this:
1. Implement single sign on.
2. Create my own security realm with my own authenticator implementations.
So my questions are:
1. We don't want to effect the normal weblogic user/passwords used to access the
WLS console but need to have single sign on. Should we implement single sign on
(option 1,above) or create our own realm?
2. Can somebody point me to somewhere on the web/in the the WLS documentation
that shows me how to implement single sign on using session cookies?
TIA
Mik"Mik Quinlan" <[email protected]> wrote in message
news:[email protected]..
>
Hi
I was wondering if somebody could help me. I need to implement singlesign on
for multiple web apps deployed in separate WARs in a single EAR file. Ineed
to authenticate against an LDAP server and ensure that the user only hasto sign
on once per user session even if the user navigates between web apps. Theweblogic
docs only seem to go so far, i.e. "Single sign on works if each web appuses the
same cookie" etc. So I see that, apart from buying WebLogic EnterpriseSecurity
there are only two ways of doing this:
1. Implement single sign on.
2. Create my own security realm with my own authenticator implementations.
So my questions are:
1. We don't want to effect the normal weblogic user/passwords used toaccess the
WLS console but need to have single sign on. Should we implement singlesign on
(option 1,above) or create our own realm?
2. Can somebody point me to somewhere on the web/in the the WLSdocumentation
that shows me how to implement single sign on using session cookies?
http://e-docs.bea.com/wls/docs81/security/thin_client.html#1039551
That also has a pointer to:
For more information, see session-descriptor in Assembling and Configuring
Web Applications. -
How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication
Identity provider here is Oracle identity provider
harika kakkireniHi,
The following materials for your reference:
Consuming List.asmx on a claims based sharepoint site
http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
Sharepoint Claims based authentication and Single Sign on
http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
Sharepoint Claim Based Authentication Web Service issuehttp://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
Best Regards
Dennis Guo
TechNet Community Support -
Using single SMB share with multiple Hyper-V clusters
Hello,
I'm trying to find out if I can use a single SMB share with multiple Hyper-V Clusters. Looking at:
How to Assign SMB 3.0 File Shares to Hyper-V Hosts and Clusters in VMM
I think it's possible. Since the File Server is going to handle the file locking it shouldn't be a problem.
Has anyone tried that?
Thank you in advance!Hello,
I'm not sure that's possible, I get this from this statement:"Assign the share—Assign
the share to a virtual machine host or cluster."
Even if it worked I wouldn't do that. Why don't you just create multiple shares? -
Single step workflow with multiple approvers (without using a group)
Hi,
is it possible to have a single step workflow with multiple approvers without using a group? This is for a contract document.
i want to add a number of users based on particular logic. The approvers are random and do not belong to any particular group.
DO let me know if it is possible or if any of you have done that.
thanks in advance.
regards,
rubioHi Rubio,
I believe the behavior would be, if individual users are added as approvers then the system would require each approver to approve the document. However, if you use the user group, you could set the role so that it would be either ALL or ANY.
Regards,
Vikram -
How do I create a single PDF file with multiple pages?
Hi, I occasionally need merge several jpg images into a single pdf file with multiple pages (one Jpg per page). I have tried doing this on Preview, and by selecting all the pages I want to include in my document and trying to save to Pdf through the "Print" function, but every time it only saves the first page.
Can anyone tell me if there is a way to save multple-page pdf files without having to purchase a specific program (i to this too infrequently to justify the cost)?
Thanks very much,This works for me...
Open first image in Preview View > Sidebar. Drag the other images into Sidebar, then select all.
From File menu > print selected images. Choose PDF > Save as PDF
-mj -
How to integrate single sign on with third party system
we are in the process of implementing istore application. we already have home grown isupport application to contact support personnal for any issues. Now we are wondering how do we integrate oracle applications single sign on with our third pary system. Is there any recommendation provided by oracle to achieve the same.
We too are in the process of implementing iStore with SSO features.
And if you believe me it seems to me as nightmare.
In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
[email protected]
regards and thanks in advance
Vikas Deep -
I'm developing web application with OAS
4.0.8.1 and JDeveloper 3.0 and I want to call
JSP from servlet using "RequestDispatcher".
I downloaded JSP for OAS from www.olab.com.
In the Release note, there is a description
about RequestDispatcher, but I cannot
understand about details.
In what configuration can I use servlet and
JSP together with RequestDispatcher. Anyone
scceeded about that?
nullwan (guest) wrote:
: Hi everyone,
: I am using OAS 4.0.8 on Solaris 2.6. After viewing servlet
: and JSP samples, I am kind of confuse whether OAS supports the
: following options
: 1. JSP
: 2. servlet chaining
: 3. running JDeveloper DB Servlet wizard
: (oracle.jdeveloper.servlet.*) and Java Business Objects
: (oracle.jbo.rt.cs)
: Thank you for your time.
I found a white paper 408newfead.pdf, that says under "Future
Directions" that it will add jsp support. I read somewhere (I
can't remember where exactly :( ) that said 4.0.8.1 would
support
JSPs. I don't know if this release is out yet.
I wish Oracle would get with the times and put out a product that
is consistent with the technology they are touting as the
future.
Having us download Suns server to run servlets and JSP is
ridiculous for the worlds second largest software company!
null -
InterMedia Java Classes for Servlets and JSPs and Netscape
I am using the interMedia Java Classes for Servlets and JSPs to upload and retrieve multimedia data. I have found that it is much more performant in Internet Explorer (5.5) than in Netscape Communicator (4.7). In fact, I cannot upload images larger than 10K at all using netscape. However, the same image can be uploaded into the same application using IE. Is this a known issue?
Thanks in advance.Hi,
We have successfully uploaded multimedia data in the giga-byte range (Quicktime and AVI files) at the same speed with both the Netscape (4.7n) and MS IE (4.n and 5.n) browsers. One thing we have noticed is that its very important to set the manual proxy settings correctly if you have an environment with a proxy server. If you don't, then uploads can go via the proxy server and, for some reason, that seems to take considerably longer. For example, suppose you are in the www.xyzco.com domain and are connecting to a host named webserver.www.xyzco.com, then specify webserver and webserver.www.xyzco.com (to cover both cases) in the "Do not use proxy servers for..." box in the manual proxy server configuration screen. Also, if you're using a tool such as JDeveloper that uses the host IP address in the debugger environment, then you also need to add the numeric-based (nnn.nnn.nnn.nnn) IP address to this list.
Hope this helps.
In order to better understand the variety of ways in which our customers are using interMedia, we'd be very interested in knowing a little more about your application, the interMedia functionality that you are using, and how you are developing and deploying your application. If you are able to help us, please send a short email message with some information about your application, together with any comments you may have, to the Oracle interMedia Product Manager, Joe Mauro, at [email protected] Thank you!
Regards,
Simon
null
Maybe you are looking for
-
Is there a flash player that works with the IPAD
Is there a flash player app or program that will work with a Ipad.
-
Q10 - can't send video over 16Mo via Whatsapp (smaller size no problem)
Hi there, Tried everything but i can't send video bigger than 16mo via whatsapp ! All my friends with this app has no problem ! Any idea ? Thanks and long life to BLACKBERRY
-
Will 10.6 drivers work the same with the Lion Operating System (10.7) Mouse
Hi everyone i was hoping to know if 10.5 - 10.6 drivers work on 10.7 to use a mouse because i would really like the Razer Mamba and the 2012 edition has 10.5 - 10.6 drivers for it soo i was hoping that they would work with 10.7? Please respond quickl
-
Have installed BI Beans 10.1.0.3.0. I am now trying to run the BI Beans diagnostic and get error: SYS.GENRAWSEQUENCE. Has anyone else encountered this and found a fix? Thanks for the help
-
Certain movies I've purchased don't appear in iCloud. Are there some studios that don't allow it? The most recent is This means War... I downloaded it on my iPad but can only play on the apple tv, etc through AirPlay. I did check for it on a couple