Authenticating using the web application session ID

Discussion in 'Java' started by Stanimir Stamenkov, Sep 17, 2003.

  1. I've wondered if it's possible... I have a HTML page which loads an
    applet which is responsible for connecting to a service (other than
    the web application - JSPs) on my system. I want to use the session ID
    assigned by the web application to authenticate the user upon the
    applet connection to avoid double logins and transmission of user name
    and password, probably over a secure connection (this is already done
    by the http service). The session ID is passed to the applet object
    with a parameter in the generated HTML.

    At this point my other service needs a way to query the web
    application component for the session identified by the specified ID.
    I see the 'HttpSessionContext' interface is deprecated entirely and
    I've wondered how I could obtain instance and query a specific session
    on the server-side from "third-party" service?

    Thank you for your help in advance.
     
    Stanimir Stamenkov, Sep 17, 2003
    #1
    1. Advertising

  2. Stanimir Stamenkov

    VisionSet Guest

    "Stanimir Stamenkov" <> wrote in message
    news:...
    > I've wondered if it's possible... I have a HTML page which loads an
    > applet which is responsible for connecting to a service (other than
    > the web application - JSPs) on my system. I want to use the session ID
    > assigned by the web application to authenticate the user upon the
    > applet connection to avoid double logins and transmission of user name
    > and password, probably over a secure connection (this is already done
    > by the http service). The session ID is passed to the applet object
    > with a parameter in the generated HTML.
    >
    > At this point my other service needs a way to query the web
    > application component for the session identified by the specified ID.
    > I see the 'HttpSessionContext' interface is deprecated entirely and
    > I've wondered how I could obtain instance and query a specific session
    > on the server-side from "third-party" service?


    Your applet can open HttpUrlConnection with servlet and request any session
    data.
    So I don't see that it is necessary to pass it as parameter in html if you
    are going to check it anyway.
    --
    Mike W
     
    VisionSet, Sep 17, 2003
    #2
    1. Advertising

  3. "VisionSet" <> wrote in message news:<u3Z9b.1769$>...
    > "Stanimir Stamenkov" <> wrote in message
    > news:...
    > > At this point my other service needs a way to query the web
    > > application component for the session identified by the specified ID.
    > > I see the 'HttpSessionContext' interface is deprecated entirely and
    > > I've wondered how I could obtain instance and query a specific session
    > > on the server-side from "third-party" service?

    >
    > Your applet can open HttpUrlConnection with servlet and request any session
    > data.
    > So I don't see that it is necessary to pass it as parameter in html if you
    > are going to check it anyway.


    My applet needs to authenticate itself agains my other service (which
    runs in its own JVM. It uses a TCP Socket for connection with custom
    protocol, not HTTP) - not against the web service/application. I don't
    want double logins nor secure transmission of sensitive data
    (username:password) so I want to use the authentication done already
    by the web application. My other service would query the web
    application through JMS call or whatever on the server-side.

    I hope I made it clearer this time.
     
    Stanimir Stamenkov, Sep 18, 2003
    #3
  4. (Stanimir Stamenkov) wrote in message news:<>...

    > [...]
    > I see the 'HttpSessionContext' interface is deprecated entirely and
    > I've wondered how I could obtain instance and query a specific session
    > on the server-side from "third-party" service?
    >


    BTW I've just saw there is a 'HttpSessionListener' interface which I
    could use to build a session retrieval component in the web
    application, which I could query through custom mechanism from my
    other service, but I couldn't see any references to it - where I could
    register such listener?
     
    Stanimir Stamenkov, Sep 18, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. mrwoopey
    Replies:
    3
    Views:
    9,573
    mrwoopey
    Jun 30, 2003
  2. jakecjacobson
    Replies:
    0
    Views:
    243
    jakecjacobson
    Jun 23, 2009
  3. ThatsIT.net.au

    Authenticating web srvices

    ThatsIT.net.au, Aug 29, 2009, in forum: ASP .Net
    Replies:
    4
    Views:
    375
    ThatsIT.net.au
    Sep 3, 2009
  4. mirlisa
    Replies:
    1
    Views:
    101
    mirlisa
    Mar 15, 2006
  5. Jeremy
    Replies:
    1
    Views:
    112
    Sherm Pendley
    Jun 30, 2004
Loading...

Share This Page