Hello Juan, thank you mentioning josso. I understand that josso would fit in, but i'm a little bit afraid that using josso would make the project more complicated than neccssary. At the end, the only thing i need to know at the servlet is the user id of the CMS user. The cms and the servlets use the same database so directly querying the sesssion table looks like a simple solution. My current approach could easily be implemented with a few lines of php code and a simple filter servlet in perhaps less time than getting comfortable installing and administering josso - but this is just an assumption... With this additional background information, what would be the advantage of josso compared to directly letting the servlet query the cms session table?
I'm just searching for the easiest way to implement it with as less effort as possible, but it should be suffiently secure - although security is not a main concern. So any advice is welcome! Thanke you! On 9 Jan., 17:08, Juan Pablo Gardella <gardellajuanpa...@gmail.com> wrote: > Evaluate > josso<http://www.josso.org/confluence/display/JOSSO1/JOSSO+-+Java+Open+Sing...>to > SSO too, it integrates with PHP. > > Juan > > El 9 de enero de 2012 12:58, Nano Elefant <nanof...@gmail.com> escribió: > > > > > > > > > Hello, > > > I am in need of some advice about GWT authentication. Here's what I'm > > planning to do: > > > 1. Embed a GWT application into a site served by a PHP CMS like > > Drupal, Joomla, Wordpress. > > 2. Let the CMS handle user registration and authentication. > > 3. After login, store the CMS Session ID in a javascript variable to > > make it accessable to the GWT app. > > 4. Forward the SessionID as a parameter to each servlet call. > > 5. The servlet queries the CMS session table from the CMS database to > > test if the supplied session is still valid and to determine the users > > id. > > 6. The user id is used for subsequent database operations... > > > Sounds like a simple solution - at least it's the simplest approach to > > implement some kind of PHP and GWT single sign on i can think of. Now > > the question is, would this be a viable solution? And do you have any > > security or other concerns? > > Any advice is welcome, > > > thank you! > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google Web Toolkit" group. > > To post to this group, send email to google-web-toolkit@googlegroups.com. > > To unsubscribe from this group, send email to > > google-web-toolkit+unsubscr...@googlegroups.com. > > For more options, visit this group at > >http://groups.google.com/group/google-web-toolkit?hl=en. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
