Authenticating using the web application session ID

[Stanimir Stamenkov]

I've wondered if it's possible... I have a HTML page which loads an
applet which is responsible for connecting to a service (other than
the web application - JSPs) on my system. I want to use the session ID
assigned by the web application to authenticate the user upon the
applet connection to avoid double logins and transmission of user name
and password, probably over a secure connection (this is already done
by the http service). The session ID is passed to the applet object
with a parameter in the generated HTML.

At this point my other service needs a way to query the web
application component for the session identified by the specified ID.
I see the 'HttpSessionContext' interface is deprecated entirely and
I've wondered how I could obtain instance and query a specific session
on the server-side from "third-party" service?

Thank you for your help in advance.

 

[VisionSet]

I've wondered if it's possible... I have a HTML page which loads an
applet which is responsible for connecting to a service (other than
the web application - JSPs) on my system. I want to use the session ID
assigned by the web application to authenticate the user upon the
applet connection to avoid double logins and transmission of user name
and password, probably over a secure connection (this is already done
by the http service). The session ID is passed to the applet object
with a parameter in the generated HTML.

At this point my other service needs a way to query the web
application component for the session identified by the specified ID.
I see the 'HttpSessionContext' interface is deprecated entirely and
I've wondered how I could obtain instance and query a specific session
on the server-side from "third-party" service?

Your applet can open HttpUrlConnection with servlet and request any session
data.
So I don't see that it is necessary to pass it as parameter in html if you
are going to check it anyway.

 

[Stanimir Stamenkov]

Your applet can open HttpUrlConnection with servlet and request any session
data.
So I don't see that it is necessary to pass it as parameter in html if you
are going to check it anyway.

My applet needs to authenticate itself agains my other service (which
runs in its own JVM. It uses a TCP Socket for connection with custom
protocol, not HTTP) - not against the web service/application. I don't
want double logins nor secure transmission of sensitive data
(usernameassword) so I want to use the authentication done already
by the web application. My other service would query the web
application through JMS call or whatever on the server-side.

I hope I made it clearer this time.

 

[Stanimir Stamenkov]

[...]
I see the 'HttpSessionContext' interface is deprecated entirely and
I've wondered how I could obtain instance and query a specific session
on the server-side from "third-party" service?

BTW I've just saw there is a 'HttpSessionListener' interface which I
could use to build a session retrieval component in the web
application, which I could query through custom mechanism from my
other service, but I couldn't see any references to it - where I could
register such listener?