Re: login multiple WOApps by passing same login credentials
- Subject: Re: login multiple WOApps by passing same login credentials
- From: Matthew Ness <email@hidden>
- Date: Thu, 01 Mar 2012 21:03:32 +1100
- Importance: Normal
> Hi,
>
> if security matters and you have time to learn something new, you need
> Single Sign On such as CAS : http://www.jasig.org/cas (easy to setup when
> deploying in Tomcat)
> If not you could implement something like this :
>
> - app1 generates a link to app2 with a token in it
> - app2 verifies that the token is there and calls a DA on app1 to ask if
> it's a valid token
>
> Cheers,
>
> Alex
>
> 2012/3/1 Raghavender Bokka <email@hidden>
>
>> Hi folks,
>>
>> I have two WO apps, both are running using the same user database, and
>> for each app, the user authenticates against that user database before
>> they're let into the app. The userID and the Password are stored in the
>> database table (without encryption).
>>
>> Now I have added a link in the app1 that should allow the user to
>> navigate to the app2 using the same login credentials (without the user
>> entering the userID and Password for the app2).
>>
>> Please advise how this can be achieved or advise how the login
>> credentials are added to the URL so that the user is navigated to the
>> app2 without entering the login credentials.
>>
>> Thanks in advance for any help.
>>
>> Rahu
Hello,
I agree with (the second point from) Alex.
The common trusted area of your apps is the shared database, so you can
create a database table for token provision (expiry, origin_app,
destination_app, token, user_id FK, status, ..).
App A creates the token, sends the token (uuid or what-have-you) as a
parameter to a DA request to App B, App B checks for the token, and if
happy, hydrates the user in its session and marks the token complete.
There are other approaches of course - a SSO service, or encrypt the data
(symmetric or asymmetric) and send it to a DA of app B, but given your
info I think the db table is the easiest for your problem.
Cheers,
Matt
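
The token-table handoff described in the message above, as an added example that is not part of the original thread and is not WebObjects code. It uses Python with an in-memory SQLite database; the table name `sso_token`, the 60-second lifetime, the function names and the use of a random 32-byte token are assumptions, and the `user_id` foreign key is left out because the sketch has no user table.

```python
import secrets
import sqlite3
import time

# Columns follow the list in the message: expiry, origin_app, destination_app, token, user_id, status.
SCHEMA = """CREATE TABLE sso_token (
    token TEXT PRIMARY KEY, user_id INTEGER NOT NULL,
    origin_app TEXT NOT NULL, destination_app TEXT NOT NULL,
    expiry INTEGER NOT NULL, status TEXT NOT NULL DEFAULT 'issued')"""
TTL_SECONDS = 60  # assumption: the token only has to survive one redirect

def issue_token(db, user_id, origin, destination, now=None):
    """App A: store an unguessable single-use token and return it for the link to App B."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)  # CSPRNG output; carries no user data itself
    db.execute("INSERT INTO sso_token (token, user_id, origin_app, destination_app, expiry) "
               "VALUES (?, ?, ?, ?, ?)", (token, user_id, origin, destination, now + TTL_SECONDS))
    db.commit()
    return token

def redeem_token(db, token, this_app, now=None):
    """App B: return the user_id once for a valid token addressed to this app, else None."""
    now = int(time.time()) if now is None else now
    # One conditional UPDATE checks and consumes the token in the same statement,
    # so two concurrent requests carrying the same token cannot both succeed.
    cur = db.execute("UPDATE sso_token SET status = 'complete' WHERE token = ? "
                     "AND destination_app = ? AND status = 'issued' AND expiry >= ?",
                     (token, this_app, now))
    db.commit()
    if cur.rowcount != 1:
        return None  # unknown, replayed, expired, or issued for another app
    return db.execute("SELECT user_id FROM sso_token WHERE token = ?", (token,)).fetchone()[0]

def demo():
    """Constructed scenario: user 42 follows a link from app1 to app2."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    tok = issue_token(db, 42, "app1", "app2", now=1000)
    results = [redeem_token(db, tok, "app3", now=1010),   # wrong destination
               redeem_token(db, tok, "app2", now=1010),   # first use succeeds
               redeem_token(db, tok, "app2", now=1011)]   # replay of a completed token
    late = issue_token(db, 42, "app1", "app2", now=1000)
    results.append(redeem_token(db, late, "app2", now=1000 + TTL_SECONDS + 1))  # expired
    return results

if __name__ == "__main__":
    print(demo())
```

Because the token is a random lookup key, the link from app1 to app2 never carries the user ID or password; App B only learns the user from the shared table after the token checks out.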