0

I have a web application which requires username and password authentication to enter.

What I am doing is authenticating a user from a standalone Java app, which does so by making an HTTP request to the server with the username and password. Then I retrieve the JSESSIONID cookie from the server's response.

Now what I want is to use this JSESSIONID to continue the session in the browser, i.e. to let the user navigate the pages of my web app, which would be opened by the standalone Java app that I use for authentication.

Is this possible? Or is there any other way to do so?

Darshan Lila

2 Answers

0

The cookie can be changed using the method below.

        // NEWSESSIONID: the session ID value received as a request parameter
        Cookie cookie = new Cookie("JSESSIONID", NEWSESSIONID);
        response.addCookie(cookie);

From your application you can send the JSESSIONID as a parameter when opening the browser for the first time, and reset your cookie using the above method in either a filter or a servlet. This will reset your cookie on the client side once you send the response back. From the next request onwards you will be able to access the session created previously.
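
An added example, not part of either answer: a variation on the handoff above that puts a single-use, short-lived ticket in the browser URL instead of the JSESSIONID itself, so the session ID does not end up in browser history, server logs or Referer headers. The class name `HandoffTickets`, its methods and the 30-second lifetime are assumptions for illustration.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical server-side store: swaps a one-time ticket for a session ID. */
public class HandoffTickets {
    private record Entry(String sessionId, Instant expires) {}

    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Entry> tickets = new ConcurrentHashMap<>();
    private final Duration ttl;

    public HandoffTickets(Duration ttl) { this.ttl = ttl; }

    /** Called after the Java app has authenticated; the ticket goes into the browser URL. */
    public String issue(String sessionId, Instant now) {
        byte[] raw = new byte[32];                       // 256 bits, unguessable
        RNG.nextBytes(raw);
        String ticket = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tickets.put(ticket, new Entry(sessionId, now.plus(ttl)));
        return ticket;
    }

    /** Called by the filter on the browser's first request; a ticket works once only. */
    public Optional<String> redeem(String ticket, Instant now) {
        if (ticket == null) return Optional.empty();
        Entry e = tickets.remove(ticket);                // atomic remove: no replay
        if (e == null || now.isAfter(e.expires())) return Optional.empty();
        return Optional.of(e.sessionId());
    }

    public static void main(String[] args) {
        HandoffTickets store = new HandoffTickets(Duration.ofSeconds(30));
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");   // constructed clock
        String sid = "CONSTRUCTED-SESSION-ID";                 // constructed sample value

        String ticket = store.issue(sid, t0);
        System.out.println("first redeem:  " + store.redeem(ticket, t0.plusSeconds(5)));
        System.out.println("replay:        " + store.redeem(ticket, t0.plusSeconds(6)));

        String late = store.issue(sid, t0);
        System.out.println("after expiry:  " + store.redeem(late, t0.plusSeconds(31)));
        // On a successful redeem the filter would set the cookie as in the answer above,
        // with cookie.setHttpOnly(true) and cookie.setSecure(true), then redirect to a
        // URL without the ticket.
    }
}
```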

0

It's possible but it's not that simple.

Since web applications don't share sessions, what you're looking for is a Single Sign On (SSO) solution, which involves an "Identity Provider" (IdM) that authenticates users for one or more "Service Providers" (SP). In this case, your servlet is the IdM and your web app is an SP.

Depending on your deployment, the following are third-party, open-source SSO libraries that you may be able to use:

  • Kerberos
  • PicketLink (for JBOSS)
  • OpenAM (for Tomcat)

If you don't want to use a third-party library, you may also be able to modify your servlet to be the IdM. Either way, I suggest reading a little about Security Assertion Markup Language (SAML) before deciding on a solution. SAML is a popular method that the above libraries implement.

A-Diddy