[Opensource] integrating other (coldfusion) systems with
expresso's security
larry hamel
expresso at codeguild.com
Fri Apr 11 11:12:17 PDT 2003
consider these options
1) change both systems to use LDAP
2) access common DB (userstable) from both systems
3) use httpclient.jar on external system to log into expresso as each user
At 03:40 PM 4/10/2003, you wrote:
>I need to be able to allow a web application written in coldfusion (not
>running on the same jvm) to be able to access basic security info, such as
>the identity (username, uid) of the current user. Right now, the only idea I
>have is:
>- use a shared secret so messages between the coldfusion and tomcat servers
>are known to only be from those servers
>- coldfusion gets the session id (from the requesting user's cookie) and
>sends it to an expresso application over http (https if going over insecure
>network) adding the ;jsessionid= to the end of the url
>- the expresso app will think the user is making the request, so it can
>simply return session info -- I assume this will work, but have never
>tried it.
>
>
>I'm not liking my idea too much - any better ideas?
>
>
>tia,
>mike
>_______________________________________________
>Opensource mailing list
>Opensource at jcorporate.com
>http://mail.jcorporate.com/mailman/listinfo/opensource
>Archives: http://mail.jcorporate.com/pipermail/opensource/
More information about the Opensource
mailing list