I'd like users to be able to login once and get access to several web
apps. Is it possible for web apps to 'share' a security-contraint?

I've tried putting the constraint into conf/web.xml That applies the
constraints to all the specified web apps managed by the server, but
users still need to log into each web app separately.

I.e. if conf/web.xml contains a security constraint that such as

  <security-constraint>
    <display-name>Site access constraint</display-name>
    <web-resource-collection>
       <web-resource-name>Protected
  Area</web-resource-name>        
          <url-pattern>/WebApp_A/*</url-pattern>
          <url-pattern>/WebApp_B/*</url-pattern>        
    </web-resource-collection>
    <auth-constraint>      
      <role-name>a_defined_role</role-name>        
    </auth-constraint>
  </security-constraint>


(webapps/Web_App_A/WEB-INF/web.xml and webapps/Web_App_B/WEB-INF/web.xml
do not contain a security-constraint.)
(By the way, I don't know if putting a security constraint in
conf/web.xml is legitimate.)

The constraint will apply to WebApp_A and WebApp_B
When a user access a page in WebApp_A, she is required to login. If,
after a successful login, she accesses a page in WebApp_B, she will
have to log in again. Is there a way to force the first login to apply
to all the listed web-apps?

Thanks,

bw