-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To whom it may concern,
On 8/21/2011 7:30 AM, pushme wrote: > Here's what i'd like to do: 1. User authenticates against Joomla > (running on Apache). For those playing along at home, Joomla is PHP-based. Pushme, how does Joomla perform it's authentication? Presumably it's not Apache-based, but something internal to Joomla, right? > 2. GWT (javascript) client side code queries the Joomla > userId/sessionId/orWhateverItsCalled and passes it to the servlets > at each rpc call. 3. The Servlet (running on Tomcat) asks Apache if > the userId/sessionId/orWhateverItsCalled-WhatsItCalledBTW? is still > valid. I would think that the servlet would have to ask Joomla about the credentials and/or session identification. The first question is: does the servlet even have access to anything like that? Is there even a cookie/request parameter going to the servlet that can be used to ask Joomla? > The short question is how can this be achieved with as less effort > as possible? I think you'd have to create an authentication verification service within Joomla. Perhaps one already exists (but probably not). > I.e. Does this setup make sense at all? Yes, but it's awkward :) > and if so, how do i have to setup Tomcat and Apache in order to > allow a servlert (running on tomcat) to query Apache if a given > userId/sessionId/whatever is still valid? I think you'll have to implement everything yourself. A (relatively) simple hey-Joomla-is-this-user-token-currently-valid message is all that would be needed... just call that from the servlet and read the response. If all is well, continue processing, otherwise return some appropriate error code and/or redirect the user toward whatever the login mechanism is. > I don't know if this is possible at all so any information is > welcome. Sure, it's possible. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5TtqkACgkQ9CaO5/Lv0PAOFwCfd8eYUDNhwV2Uw/f1ybYHL22T XlMAoIM3cirB1866oQGgOwgJk5kAVkc1 =MGiW -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
