Another way that would work across servers I've read about, probably in this list, could be to push some sort of info into the user row once they are authenticated. All the Turbine applications would honor this user as already authenticated when the SessionValidator spins up, create the User object and away you go. I've not had the time or courage to try this yet though. A general way to do this would be nice. Instead we just put all our Turbine sub-apps into one big honkin' Turbine app. It works but is painful sometimes to make one small change.
We do something similar from an external thick client that wants to jump into our Turbine app. Our users are authenticated against a NT domain. So an external app has already authenticated the user. The external app blazes up the browser hitting a specific action we wrote to evaluate a key passed in the query parameters along with the username. If valid we populate a User object and the user is automagically logged in. Works pretty well, but not secure really. Its ok in our intranet environment though. >>>>> On Tue, 01 Jul 2003 17:49:37 -0500, "Arthur I. Walker" <[EMAIL PROTECTED]> said: > If they are on the same server, why not drop some sort of secure > cookie at login that both apps recognize? To make it more secure, > encrypt the contents, and make the contents time sensitive. >> -----Original Message----- From: Blair Martin >> [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2003 5:44 PM >> To: Turbine Users List Subject: Automatic login to another app? >> >> >> I have two turbine apps running on the same server. They both use >> the same database table for authentication (ie. the same >> username/password information). Once a user logs into one app I'd >> like them to be able to hit a button and be switched to other app >> and logged in. Obviously I could just dynamically create a link to >> the login screen with username/password embedded but that's not >> secure having a link sitting around with someone's password in it. >> >> As temporary solution I created an interim page that looks roughly >> like this: >> >> $page.addAttribute("onLoad", "doLogin();") <SCRIPT> function >> doLogin() { document.appSwitch.submit(); >> } >> </script> >> >> <form name="appSwitch" >> action="../app2/app/template/app2Main.vm/action/LoginUser" >> method="post"> <input type="hidden" name="username" >> value="$username"> <input type="hidden" name="password" >> value="$password"> <h4>Redirecting to $appU. Please wait...</h4> >> </form> >> >> This would be okay except that the first time they try this in a >> browser window the form data is actually in the URL (a la the GET >> method). On subsequent tries the form data is properly hidden as >> would be expected in a POST method form. >> >> Can anyone either tell me a) how to prevent the data from appearing >> in the URL the first time OR b) a better way to go about this? >> >> Regards, Blair >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: >> [EMAIL PROTECTED] >> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] -- ===================================================================== Jeffrey D. Brekke [EMAIL PROTECTED] Wisconsin, USA [EMAIL PROTECTED] [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
