I have 2 web applications (war files) that are deployed to a single managed server. Both web applications use the WebLogic security realm for authentication (configured via Security Realm -> Providers) with the same provider. This means that both applications have the same set of users.
The first application implements a simple web service (using JAX-WS) that provides 3 or 4 functions.
The second application is a UI that provides inventory operations (saved to a database) and additionally calls functions from the first web service application.
I would like the following to happen:
1 - User logs into the UI application
2 - User performs an action that calls the web service application
3 - The UI application uses the login credentials from step 1 to log in to the web service application
4 - The web service application executes the function with the user credentials from step 1
The reason I would like this is that the web service application has an audit trail of who called the function.
I have a workaround but it is not acceptable, which is to configure a username/password in the UI. The issue is that the web service function is always called with the configured user, regardless of who logs in from step 1.
Anyone have any ideas on how to deal with this problem?
Does SSO help in this case?
Is there a way to reuse the session?