I've used Siteminder quite a bit. It works by setting user credentials in a
cookie. When any server in the cookie domain (whether Tomcat, Apache, IIS,
etc.) receives an HTTP request, it grabs the cookie and uses it to query a
central server (the call it the policy server) which then verifies the
session is ok and returns user credentials to the server.
Great product. Actually works as advertised.
In your stituation you might try passing the info not in the URL, but in a
cookie.
Have each app set a cookie that is good for any server in the entire cookie
domain, then use that value as a lookup into a persistent store (database,
ldap or a web service) to retrieve the user credientials.
Sort of a roll your own version of Siteminder.
Of course, if you're looking for an enterprise solution, break down and buy
Siteminder. It does exactly what you are looking for.
"Hakan Forss" <[EMAIL PROTECTED]> on 06/07/2002 05:14:24 PM
Please respond to "Struts Users Mailing List"
<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: (bcc: Kevin Bedell/Systems/USHO/SunLife)
Subject: RE: .JSP / .ASP Integration
Hi Jerry,
I'm not sure this is the way to go but take a look at single signon
products
like GetAccess from Entrust(http://www.entrust.com/getaccess/index.htm) or
Netegrity's SiteMinder
(http://www.netegrity.com/products/index.cfm?leveltwo=SiteMinder).
Hakan
>From: "Jerry Jalenak" <[EMAIL PROTECTED]>
>Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
>To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
>Subject: RE: .JSP / .ASP Integration
>Date: Fri, 7 Jun 2002 14:29:57 -0500
>
>Sitemesh presents an interesting solution to the presentation side of the
>problem, but doesn't address the root problem - how do I pass
>authentication/authorization information from Java to .ASP land? Each of
>the .ASP app's have unique business logic requirements that are driven
from
>the user ID (we are trying to consolidate all of our
>authentication/authorization processing into one location). I can pass
>data
>on the URL when I redirect to the .ASP site, but feel that this could be
>intercepted and abused by someone simply typing the URL into the browsers
>address line. I'd rather find a way to directly pass a JavaBean into some
>sort of a COM object, or have the .ASP access the JavaBean. A previous
>post
>talked about JIntegra; I really think this will be the avenue for me to
>persue.
>
>Jerry
>
>-----Original Message-----
>From: John Nicholas [mailto:[EMAIL PROTECTED]]
>Sent: Friday, June 07, 2002 1:46 PM
>To: Struts Users Mailing List
>Subject: Re: .JSP / .ASP Integration
>
>
>I'm not sure if this will help but there is a open source tag library
>here: http://www.opensymphony.com/sitemesh/
>
>It lets you load in other pages written in other languages and filters
>them in to content of a jsp page. It sounds like this would let you
>create the templating in jsp and rather than link them to the asp apps
>you would have pages that loaded and decorated the output of those apps.
>
>I haven't used it but have just started looking at it for this exact
>situation (loading existing asp output into a java site)
>
>John Nicholas
>
>Jerry Jalenak wrote:
> > Thanks to everyone (so far) for the comments. As it was early and I
was
> > suffering from a lack of coffee, I neglected to mention a couple of
>*vital*
> > points:
> >
> > 1. My Java web environment is based on Linux, with Apache and
> > Tomcat, not IIS.
> > 2. Due to #1, the .ASP app's are on different servers, typically
> > running Win-NT (and IIS, obviously).
> >
> > Now, given the 'rest of the story', can I still pass JavaBeans (or
>something
> > else) around?
> >
> > Jerry
> >
>
> > -----Original Message-----
> > From: Jerry Jalenak [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, June 07, 2002 9:17 AM
> >
> > Hi All,
> >
> > This is WAY off topic, but seeing that there are a couple of ex-ASPer's
>on
> > the mailing list, I thought I'd throw this out and see if anyone can
>point
> > me in the right direction.
> >
> > The company I work for has several, somewhat autonomous, development
>groups
> > doing web development. Some (most) are using .ASP with either VB or
>C++.
> > As part of my role, I have been tasked with developing a framework that
>can
> > take all of our current websites and integrate them under a single
'look
>and
> > feel' - including implementing a 'single sign-on' function. Obviously
I
> > chose JAVA and JSP with struts or I wouldn't be here. Anyway, I've got
>the
> > authentication/authorization piece working, and can generate custom nav
>bars
> > by user based on a persistent profile stored in an Oracle database. As
>long
> > as the applications that I link to are Java/JSP based, I can pass
around
>a
> > set of JavaBeans containing the users information without any problem.
>How
> > do I get this information over to a .ASP app? Can this even be done?
>Short
> > of passing around XML data structure ala web services, I can't seem to
>find
> > an easy (or hard) way to do this. Am I simply screwed?
> >
>
>
>
>
>
>--
>To unsubscribe, e-mail:
><mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail:
><mailto:[EMAIL PROTECTED]>
>
>
>This transmission (and any information attached to it) may be confidential
>and is intended solely for the use of the individual or entity to which it
>is addressed. If you are not the intended recipient or the person
>responsible for delivering the transmission to the intended recipient, be
>advised that you have received this transmission in error and that any
use,
>dissemination, forwarding, printing, or copying of this information is
>strictly prohibited. If you have received this transmission in error,
>please immediately notify LabOne at (800)388-4675.
>
>
>
>--
>To unsubscribe, e-mail:
><mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail:
><mailto:[EMAIL PROTECTED]>
_________________________________________________________________
MSN Photos is the easiest way to share and print your photos:
http://photos.msn.com/support/worldwide.aspx
--
To unsubscribe, e-mail: <
mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <
mailto:[EMAIL PROTECTED]>
---------------------------------------------------------------------------
This e-mail message (including attachments, if any) is intended for the use
of the individual or entity to which it is addressed and may contain
information that is privileged, proprietary , confidential and exempt from
disclosure. If you are not the intended recipient, you are notified that
any dissemination, distribution or copying of this communication is
strictly prohibited. If you have received this communication in error,
please notify the sender and erase this e-mail message immediately.
---------------------------------------------------------------------------
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
