> Hi,
>
> if security matters and you have time to learn something new, you need
> Single Sign On such as CAS: http://www.jasig.org/cas (easy to set up when
> deploying in Tomcat)
> If not you could implement something like this:
>
> - app1 generates a link to app2 with a token in it
> - app2 verifies if the token is there and calls a DA on app1 to ask if it's a
>   valid token
>
> Cheers,
>
> Alex
>
> 2012/3/1 Raghavender Bokka <[email protected]>
>
>> Hi folks,
>>
>> I have two WO apps, both are running using the same user database, and for
>> each app, the user authenticates against that user database before they're
>> let into the app. The userID and the Password are stored in the database
>> table (without encryption).
>>
>> Now I have added a link in the app1 that should allow the user to navigate
>> to the app2 using the same login credentials (without the user entering the
>> userID and Password for the app2).
>>
>> Please advise how this can be achieved or advise how the login credentials
>> are added to the URL so that the user is navigated to the app2 without
>> entering the login credentials.
>>
>> Thanks in advance for any help.
>>
>> Rahu

Hello,

I agree with (the second point from) Alex. The common trusted area of your apps is the shared database, so you can create a database table for token provision (expiry, origin_app, destination_app, token, user_id FK, status, ..). App A creates the token, sends the token (uuid or what-have-you) as a parameter to a DA request to App B, App B checks for the token, and if happy, hydrates the user in its session and marks the token complete.

There are other approaches of course - an SSO service, or encrypt the data (symmetric or asymmetric) and send it to a DA of app B, but given your info I think the db table is the easiest for your problem.

Cheers,

Matt

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list ([email protected])
