We have several applications deployed in Tomcat and want to add 1 application to handle authentication for all of the other applications.
All applications are defined as different host elements in Tomcat configuration (server.xml) like following example:
<Host name="loginapp.localhost" appBase="loginapp" />
<Host name="webapp1.localhost" appBase="webapp1" />
<Host name="webapp2.localhost" appBase="webapp2" />
...
What is a best practice to accomplish this?
How I see things are going to work and what I have tried so far:
When a user goes to an url that points to webapp1, a request filter in the application sees that the user has not been authenticated yet and redirects to the "loginapp" where authentication happens and redirects back to webapp1 where the user now has been authenticated for (only for this specific application).
What I need is to share data between these applications. And I've found it should be possible to share session attributes across applications like following (example I've found):
request.getSession().setAttribute("sharedId", shared);
request.getRequestDispatcher("/URLofOtherServlet").forward(request, response);
But I'm not sure how I can achieve this as my applications are running inside the same Tomcat server, but are accessed by different domain names. Is this even possible this way? Or are there other options for my case?
EDIT:
Apparently my "solution" above is only possible for use inside one application.
What I have found now while researching further is JNDI resources. Would this be something I can use to share some data between my applications?