I am trying to add new functionality to a formerly built web application. The application uses j_security_check . I want to use another single-sign-on service to log in to the application. What is the best practice for that?
P.S. I can't see where j_security_check checks for the user name and password. Any help with that will be appreciated.
Edit: actually what i want to do is to use another sso service to login to j_security_check. the other SSO System is another we application. user logins to that application and that application post me a token. After it posts me the token I can get the user id of logged in person.
Thanks!
j_security_check or Realm is a way that web container or tomcat check the login itself!
If you check the server.xml in configuration files of tomcat or context.xml in your META-INF files, you can see the Realm tag which shows how the Realm check the login functionality.
You cannot use Realm for more than one times in an application. if you want to implement another single sign on, you should implement it yourself. But I don't know why you want to implement two single sign on! it is really strange!
The best way I think is putting somethings in session and check it to make sure that user is logging in.
As you said that there are too many pages and handling this kind of projects is really hard, I suggest you to use Front Controller pattern or Facade Design pattern. You can check the session only in Front Controller.
You can read more here:
http://en.wikipedia.org/wiki/Front_Controller_pattern
http://java.dzone.com/articles/understanding-front-controller http://www.allapplabs.com/j2ee_design_patterns/j2ee_design_patterns_front_controller.htm