How to Implement SSO on existing tomcat web application

Question

I have a tomcat 7 setup with oldApp.war and newApp.war deployed on it. Both the applications share the same login credentials for users on the database.

I can acces

Answer 1

I have managed this with the Tomcat's SSO Valve:

1. Put SSO Valve within Host (localhost) element of server.xml file:

2. Add users and roles (eg. in tomcat_users.xml):

3. In web-app element of your app's web.xml file, add security constraints:

   App name /* employee FORM file /login.jsp /error.jsp employee

4. That's it. Now, log in to the one of your apps, and you should be logged in to other apps.

Of course, you should not use a plain text password in the production, this is just a quick example. You shoud consider Digest authentication, as well as configuring SSL on Tomcat.

I hope this will help someone!

P.S. if you store users in the SQL database, please check my comment below this answer.