Single Sign on with Legacy Servlet System

  1. Single Sign on with Legacy Servlet System (4 messages)


    I have an existing Servlet-based web application running an old Servlet 2.0 container.

    I am now designing a new application that will live on another machine with the latest Tomcat Server running on it. Users should be able to log on to the legacy system and be able to access the new system I am designing transparently; that is, the user is authenticated and authorized "automagically." The current system uses a form 2 database authentication model and stores user information in the session object.

    Does anyone have any ideas on how I might accomplish this?

    Thanks in advance.
  2. Do they share a database?

    Dave Wolf
    Personified Technologies LLC
  3. They will share the same login information database.
  4. So here is what I would do. Create a table which will hold a unique hash for your user's login, and the username and password for that hash. When you go from web app 1 to web app 2, pass the hash as an SSO token. Web app 2 will then look up that hash in the database, finding the proper username and password so web app 2 can authenticate. Web app 2 can now delete the row from the database.

    By doing this

    1) The unique hash is of no use to a hacker watching the URLs flying by
    2) From the user's view it is still single sign-on
    3) You can change username/password all you want without breaking the system.

    Make sense?

    Dave Wolf
    Personified Technologies LLC
  5. That seems like a really good idea. I appreciate your help.

    Dave Costakos
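
The one-time token table suggested in message 4, as an added sketch that is not code from any poster in the thread. It uses Python with an in-memory SQLite database standing in for the shared login database so that it runs on its own; the same SQL applies from a servlet over JDBC. Assumptions not in the thread: the table and function names, a 60-second expiry, storing only the username (both apps share the login database), and storing a SHA-256 of the token rather than the token itself.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL_SECONDS = 60  # assumed lifetime; the thread does not specify one


def open_store(path=":memory:"):
    """Create the token table (stands in for the shared login database)."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS sso_token ("
        " token_hash TEXT PRIMARY KEY,"
        " username   TEXT NOT NULL,"
        " expires_at REAL NOT NULL)"
    )
    return db


def _digest(token):
    # Only the digest is stored, so a read of the table does not yield usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(db, username, now=None):
    """Web app 1: call for an already-authenticated session, then redirect with the token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # random, carries no user data
    with db:
        db.execute(
            "INSERT INTO sso_token VALUES (?, ?, ?)",
            (_digest(token), username, now + TOKEN_TTL_SECONDS),
        )
    return token


def redeem_token(db, token, now=None):
    """Web app 2: return the username once; None if unknown, already used or expired."""
    now = time.time() if now is None else now
    h = _digest(token)
    with db:
        row = db.execute(
            "SELECT username, expires_at FROM sso_token WHERE token_hash = ?", (h,)
        ).fetchone()
        # The DELETE decides the winner: of two concurrent redeemers only one sees rowcount 1.
        deleted = db.execute(
            "DELETE FROM sso_token WHERE token_hash = ?", (h,)
        ).rowcount
    if row is None or deleted != 1 or row[1] < now:
        return None
    return row[0]
```

Web app 2 creates its own session for the returned username; a `None` result should send the user to the normal login form.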