Java jsp servlet based site and joomla based login

quinnd6 · 08-11-2007 1:24pm #1

Ok we've a new joomla based site which has a login page.
When someone is logged in they will be transferred to a java servlet and Jsp based site which will open in a new window.

So when someone logs in using the joomla site page which has a username and password space for logging in I need them to be transferred to the java servlet and jsp based site and logged into that java servlet and jsp based site.

The jsp and java servlet page has a login page but the joomla based page will become the new login page.

Is it possible to do this?

Giblet · 08-11-2007 2:33pm

You'll have to add the relevant information to the session or the cookie when they log into the joomla site, then check that information on the JSP site.

quinnd6 · 08-11-2007 6:05pm

The 2 sites are on different servers at the moment.

Would that make it difficult?

Giblet · 08-11-2007 6:30pm

Cookies over domains is a bad idea and wouldn't work if third party cookies is disabled on the clients machine. Sessions data wouldn't track correctly unless you can set that up to handle it on both your servers (which means syncing them). You could try using an iframe and js.. *eek*

If you can get both working on the same server under apache, it would work.

Bluefrog · 08-11-2007 7:29pm

Off the top of my head this should be possible using XMLHTTP.

Basically you would login on Joomla as normal. When Joomla authorises the user, those credential could be posted to the Java site via XMLHTTP for authorisaton there and that would give the browser any required cookie and session information necessary to proceed on the Java site.

sicruise · 09-11-2007 9:29am

Just set up a realm in tomcat and post the paramaters from your "joomla" form to j_security_check serving from tomcat...

Bluefrog · 09-11-2007 7:16pm

Is there any reason you can't simply change the action atribute in the Joomla login form to point to the authentication page on the java site? I had assumed before that you needed to be authorised on the Joomla site too but maybe this is not the case...

quinnd6 · 13-11-2007 10:51am

There is an oracle database of passwords so Im not sure if I could use the tomcat security realm option.

I read somewhere that xmlhttprequest isn't very secure and is unsafe.

So whats the best most secure option?
What would you suggest?

cheers for answers so far aswell guys.

sicruise · 13-11-2007 1:17pm

Install an ssl cert on your login server and that will secure your connection.

You can use the oracle jdbc driver for tomcat realms.

Bluefrog · 13-11-2007 9:38pm

well if you use an SSL cert on your java server then any traffic to it will be encrypted including XMLHTTP traffic.

XMLHTTP no more or less secure than any server request from any other origin. You could also set up the script that receives the request to only accept it from your joomla server's IP if it's not on a shared host.

sicruise · 13-11-2007 9:51pm

Why are you even thinking of using AJAX here? It is overkill and will rule out anyone with Javascript disabled...

Java jsp servlet based site and joomla based login

Comments