Hello cocooners,
this is little bit off topic of the Cocoon domain itself. This question applies to Servlets in general.
I am trying to authentificate the user for Cocoon that is already authentificated in another web application (running in .net platform). I do not want the user to type the user name and his password again, rather I would like to "reuse" the existing login from .net application. For this purpose there will be a web service on the .net side, that will authentificate and authorize session beeing created by Java server.
Communication would flow like this:
- from .net application a request with user (user's .net session id) will be sent to Java application
- Java application uses this .net session id to authentificate the user using provided web service
- if authentification succeeded the user will be authentificated also in Java server and will be allowed to enter protected content residing in Java application
I want to use some standard server side security mechanism (JAAS or Tomcat realm). JAAS module or Tomcat Realm would communicate with web service. Its input should be session id from .net platform, the result should be user principal and his roles. I want this because I want my application to behave transparent to any authentification method - the application uses programatic security using HTTPServletRequest getUserPrincipal() and isUserInRole() methods.
It seems now that I am forced to use one of the authentification mechanisms specified in Servlets specification when wanting the server managed authentification in Java server:
- HTTP BASIC Authentification
- Form Based Authentification
But now I am stuck in that, because I have no clue how to simulate any of these authentification methods by simple HTTP POST explicitly called by the client. This first HTTP POST (or GET) with request parameter containing existing .net session id should be our entry point to our Java application.
Has anyone experienced given or similar problem or has anyone has some clue about how to solve this puzzle?
Thanks for any help,
Michal
