I have a legacy application. The login system is very simple: it takes a username/password from the user, runs a database query and validates the user. Now, I have created a link inside that legacy Java application that lands on a completely separate Java application dashboard page (written in Spring MVC). As of now, the new Spring application is a completely separate application and no user validation is implemented there. I want something like: if somebody clicks the link (he can only access the link after logging in to the legacy application), it redirects to the new application along with the user session data, so that the user also sees himself logged in to the new application. And if he logs out from the new application, I want him to be logged out from the legacy application too.
Legacy application - Simple servlet/JSP based Java application, runs on Tomcat 5.5
New application - Written in Spring MVC 4 and runs on Tomcat 6
Both the tomcat containers reside on the same red hat box.
Any help will be highly appreciated. Thank you
You could try to develop an AuthenticationSuccessHandler for the legacy application and have it set the Authentication from the SecurityContext in a shared memory between the two applications on success. On logout, destroy the object.
For the new application, develop a filter or a handler that, for a request, checks to see if there is an Authorization in the shared memory associated with the SESSIONID from the request. If it's no longer there, force Spring to destroy this session, logging you out.
AuthenticationSuccessHandler: http://docs.spring.io/autorepo/docs/spring-security/3.1.7.RELEASE/apidocs/org/springframework/security/web/authentication/AuthenticationSuccessHandler.html
SecurityContext: http://docs.spring.io/autorepo/docs/spring-security/3.2.2.RELEASE/apidocs/org/springframework/security/core/context/SecurityContext.html
shared memory: http://hazelcast.com/
Of course, this is only a fragile link between the two applications, and maybe you should think about redeveloping the legacy application in a way that best serves its purpose of a CAS, such as exposing a web service for login, and have a login handler for the new application call the web service for an attempted login and decide, using the answer, whether to log in the user or not. This way, you only have one session (on the new application) and you can scale the legacy app more easily (if needed and not blocked by other restraints).
This is only an opinion, and without a more detailed look at your application it might prove useful or total rubbish :)
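As an added example, not code from the answer above, here is what the checking side of this shared-store design could look like in the new application: a plain servlet Filter that fails closed whenever the shared login record is missing, invalidating the local session and redirecting to login. It keys the record by username rather than by session id, since the two Tomcat instances issue independent session ids; the `ConcurrentMap` parameter is a stand-in for the shared store (Hazelcast's `IMap` implements `ConcurrentMap`, so a map from `HazelcastInstance.getMap(...)` can be passed in, assuming both containers join the same cluster). The legacy login servlet is assumed to `put(username, timestamp)` on success and `remove(username)` on logout. The `/login` path, the `"user"` session attribute name and the class name are my own assumptions.

```java
import java.io.IOException;
import java.util.concurrent.ConcurrentMap;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Filter for the new (Spring MVC) application. A request is allowed through
 * only while the shared store still holds a login record for the user named in
 * the local session. When the legacy application removes that record on
 * logout, the next request here drops the local session as well.
 */
public class SharedLoginFilter implements Filter {

    /** Session attribute under which the new app keeps the username (assumed name). */
    static final String USER_ATTR = "user";
    /** Where to send a user whose login record has disappeared (assumed path). */
    static final String LOGIN_PATH = "/login";

    // username -> login record (here: the time the legacy app logged the user in).
    // Hazelcast's IMap implements ConcurrentMap, so hazelcast.getMap("sso-logins")
    // can be injected here instead of a local ConcurrentHashMap (assumption).
    private final ConcurrentMap<String, Long> sharedLogins;

    public SharedLoginFilter(ConcurrentMap<String, Long> sharedLogins) {
        this.sharedLogins = sharedLogins;
    }

    public void init(FilterConfig cfg) {}

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);

        if (!isStillLoggedIn(session)) {
            // Fail closed: no local session, no username in it, or the shared record is gone.
            if (session != null) {
                session.invalidate();
            }
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return;
        }
        chain.doFilter(req, res);
    }

    /** True only if the local session names a user whose shared login record still exists. */
    boolean isStillLoggedIn(HttpSession session) {
        if (session == null) {
            return false;
        }
        Object user = session.getAttribute(USER_ATTR);
        return user instanceof String && sharedLogins.containsKey((String) user);
    }

    /**
     * Logout from the new app: remove the shared record, so the legacy app's own
     * check fails on its next request too, then drop the local session.
     */
    void logout(HttpSession session) {
        Object user = session.getAttribute(USER_ATTR);
        if (user instanceof String) {
            sharedLogins.remove((String) user);
        }
        session.invalidate();
    }
}
```

Because the filter takes the map through its constructor, it is registered as a Spring bean behind `org.springframework.web.filter.DelegatingFilterProxy` in `web.xml` rather than directly as a `<filter-class>`, so the shared map can be injected. Both applications must run the same check against the same store for logout to propagate in both directions.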
Let's say you are connected on server A. On server B, you have your Spring MVC app.
You should develop on server B a web service that creates a secure token and encrypts it with a symmetric algorithm. Send the token to server A. Server A then calls another web service on server B that uses the token to authenticate. When you use the token to log in, server A can decrypt it to verify that it's the one issued previously.
You can find various documentation and examples on the web for token-based authentication.
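The exchange this answer describes, as an added example that is not part of the answer: a token service that would live on server B and be called by the two web services (one to issue, one to redeem). It uses AES-GCM, an authenticated mode, so a token that has been altered in transit is rejected by the authentication tag instead of decrypting to garbage, and it embeds an expiry and a one-time nonce so a token that leaks from the redirect cannot be redeemed a second time. Java 8 is assumed for `java.util.Base64`; the key is generated in `main` only for the demonstration, and in a deployment it is created once and held by server B alone. Class and method names are my own.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Lives on server B: issues hand-off tokens for users server A has authenticated and redeems each token once. */
public class HandoffTokenService {
    private static final int IV_BYTES = 12;          // recommended GCM nonce length
    private static final int TAG_BITS = 128;         // full-length authentication tag
    private static final long TTL_MILLIS = 60000L;   // a token is valid for one minute
    private static final String SEP = "|";

    private final SecretKey key;                     // known to server B only
    private final SecureRandom random = new SecureRandom();
    // Nonces already redeemed; entries older than TTL_MILLIS can be purged since they can no longer validate.
    private final Set<String> redeemed = Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());

    public HandoffTokenService(byte[] rawKey) {
        this.key = new SecretKeySpec(rawKey, "AES"); // 16, 24 or 32 bytes
    }

    /** Step 1 (server A asks B for a token): seal username, expiry and nonce with AES-GCM. */
    public String issue(String username) throws GeneralSecurityException {
        if (username.contains(SEP)) {
            throw new IllegalArgumentException("username must not contain " + SEP);
        }
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        byte[] iv = new byte[IV_BYTES];
        random.nextBytes(iv);
        byte[] nonce = new byte[16];
        random.nextBytes(nonce);
        long expiresAt = System.currentTimeMillis() + TTL_MILLIS;
        String payload = username + SEP + expiresAt + SEP + enc.encodeToString(nonce);

        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] sealed = cipher.doFinal(payload.getBytes(StandardCharsets.UTF_8)); // ciphertext || tag
        return enc.encodeToString(iv) + "." + enc.encodeToString(sealed);
    }

    /** Step 2 (server A presents the token to B): returns the username, or null if invalid, expired or already used. */
    public String redeem(String token) {
        int dot = token.indexOf('.');
        if (dot < 0) {
            return null;
        }
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            byte[] iv = dec.decode(token.substring(0, dot));
            byte[] sealed = dec.decode(token.substring(dot + 1));
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
            String payload = new String(cipher.doFinal(sealed), StandardCharsets.UTF_8); // throws on a bad tag
            String[] parts = payload.split("\\|", -1);
            if (parts.length != 3) {
                return null;
            }
            if (System.currentTimeMillis() > Long.parseLong(parts[1])) {
                return null;                      // expired
            }
            if (!redeemed.add(parts[2])) {
                return null;                      // nonce seen before: replay
            }
            return parts[0];
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null;                          // tampered (bad tag), malformed base64 or number
        }
    }

    /** Demonstration only: in production the key is created once and kept on server B. */
    public static void main(String[] args) throws Exception {
        byte[] demoKey = new byte[16];
        new SecureRandom().nextBytes(demoKey);
        HandoffTokenService serverB = new HandoffTokenService(demoKey);

        String first = serverB.issue("alice");   // B -> A, then A -> B
        System.out.println("first use:  " + serverB.redeem(first));
        System.out.println("second use: " + serverB.redeem(first));

        // Flip the first character of the ciphertext part of a fresh token.
        String second = serverB.issue("alice");
        int dot = second.indexOf('.');
        char c = second.charAt(dot + 1);
        String tampered = second.substring(0, dot + 1) + (c == 'A' ? 'B' : 'A') + second.substring(dot + 2);
        System.out.println("tampered:   " + serverB.redeem(tampered));
    }
}
```

Running `main` shows the three cases a practitioner cares about: a fresh token redeems to the username, the same token presented again is rejected as a replay, and a token with a single altered character is rejected because the GCM tag no longer verifies. The expiry and replay checks only hold if server A redeems the token over a channel that reaches server B directly (and over TLS between hosts), so that the token is never exposed to the browser for longer than the redirect.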