Friday, February 4, 2011

J2EE Web Application - Simple Single SignOn (SSO)

Single Sign-on (SSO) means having one common account (username and password) for the various applications under an umbrella, and authenticating in one place to access all of them without entering the password for each.

Here is a simple SSO implementation for web applications using JSP (it would run on any Java web server).
The steps are as follows:
  1. Create views for login and success, for example login.jsp and success.jsp respectively.
  2. Write the action (as a servlet, for example) to handle the request and authenticate it if the credentials are valid.
  3. Set a session attribute on successful login, for example username.
    session.setAttribute("username", userName);
  4. Create a JSP, for example isLivingSession.jsp, which is going to act as a JavaScript source and is the key part of our SSO.
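    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <%-- "c" (the calling application or page) comes from the request:
         validate and HTML-escape it before writing it into the page --%>
    <form action="<%=request.getParameter("c")%>">
    <input name="username" type="text" />
    <input name="password" type="password" />
    <input type="submit" value="submit" />
    </form>

    // "c" is the calling application or page passed along with the request
    String c = request.getParameter("c");
    session.setAttribute("username", userName);
    if(c!=null && !c.trim().equals("")){
       //user will be automatically redirected to the calling application or page.
    }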
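
The login flow above sends the user to whatever the `c` parameter names. One way to constrain that value before it is used as a redirect target or written into a page, as an added example that is not part of the original post; the class name, the allowed origins and the default target are assumptions:

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class CallbackValidator {
    // Assumption: origins of the applications under the SSO umbrella (constructed values).
    static final Set<String> ALLOWED_ORIGINS = Set.of(
            "https://app1.example.com", "https://app2.example.com");
    static final String DEFAULT_TARGET = "/success.jsp"; // assumption: fallback page

    /** Returns c if it is an absolute URL on an allowed origin, otherwise the default page. */
    static String safeRedirectTarget(String c) {
        if (c == null || c.trim().isEmpty()) return DEFAULT_TARGET;
        try {
            URI u = new URI(c.trim());
            String scheme = u.getScheme(), host = u.getHost();
            // Opaque URIs (javascript:...), relative paths and user@host forms are refused.
            if (scheme == null || host == null || u.getRawUserInfo() != null) return DEFAULT_TARGET;
            String origin = scheme.toLowerCase(Locale.ROOT) + "://" + host.toLowerCase(Locale.ROOT)
                    + (u.getPort() == -1 ? "" : ":" + u.getPort());
            return ALLOWED_ORIGINS.contains(origin) ? u.toASCIIString() : DEFAULT_TARGET;
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET; // malformed values never reach the redirect
        }
    }

    /** Escapes a value for use inside a double-quoted HTML attribute. */
    static String escapeAttr(String s) {
        StringBuilder out = new StringBuilder();
        for (char ch : s.toCharArray()) {
            switch (ch) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(ch);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one allowed origin, then values that must fall back.
        String[] samples = { "https://app1.example.com/home.jsp", "https://other.example.net/",
                "https://app1.example.com@other.example.net/", "javascript:alert(1)", "\"><script>", null };
        for (String s : samples) System.out.println(s + " -> " + escapeAttr(safeRedirectTarget(s)));
    }
}
```

In the servlet, the value returned by `safeRedirectTarget(c)` is what would be passed to `response.sendRedirect()`, and `escapeAttr` is applied wherever the value is written into a JSP.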



Add the following line to every web page, or to a header file that is included by all pages, of each application that should use SSO. This can be used on any server, application or platform.

<script type="text/javascript" src=""></script> 

One more thing to note: this relies on JavaScript being available in the browser, so add a noscript tag to all web pages.

And that's it... go and play.
