I need to use container-managed authentication (need single sign-on for multiple webapps in the same container). But I'm a little confused as to how this works.
What I'd like to be able to do is to specify a general secure area '/secure/*' in web.xml that would require logging into the container, and then use the SecurityEnforcementFilter to protect specific urls.
I'm not sure if this is possible because SecurityEnforcementFilter uses an AuthenticationEntryPoint, and I'm not sure how to integrate that with container-managed security. Authentication should never fail in this situation because the user would presumably be logged in by the time they reached the SecurityEnforcementFilter, so I'm not sure what the purpose of the AuthenticationEntryPoint is in this case.
Also, in looking through the sample code, I noticed that the container-managed authentication has the BasicProcessingFilter turned on. (in samples/contacts/etc/ca/web.xml)
This doesn't really make sense to me, why have a basic authentication filter if the container is managing authentication?
Thanks for your help!