0

I have two separate web applications. Lets say app1 and app2. Both are hosted in different server with different domain.

Now in app1 there is a link. On clicking over that link i have to call app2's login page with username and password and display the response. But username and password should not visible in URL.

Current Approach :

Now I accomplished my task by creating an iframe and passing username and password params in query string.

Like: www.app2.com/login.jsp?username=abc&password=xxx

By hitting above URL, user get logged-in and home page renders.

Required Approach

I want to call login page of another application with username and password as post parameters . And I want to do all my stuffs in server side without disclosing login credentials.

Note: I have control over app1 only I cant tweak code of app2. I am developing app1 in using JSP, struts 1.3.

The username and password for both the app are different. App1 is my app and app2 is third party report service.

Hope you got my point !!

Sunil Sharma
  • 1,297
  • 3
  • 17
  • 31
  • @Arvind yaar I cant do anything with app2 because it is a third party saas application. It provide report service. I have created reports for different roles users for my app. – Sunil Sharma Jun 11 '15 at 05:45
  • Did you tried using form tag with `method='post'` from your app1 to submit it to app2? –  Jun 12 '15 at 06:30

3 Answers3

0

What you are asking for is Single Sign-on.

The best way is to write a cookie which both the applications (rather domains) can read. In app1.domain.com write the cookie for domain.com and read the same in app2.domain.com

Update#1 - Sample .NET Code -- Though the question is for Java, below should be helpful to convery the logic

FormsAuthentication.SetAuthCookie(Session["userName"].ToString(), false);

//Below code modifies the cookie's domain
System.Web.HttpCookie MyCookie = System.Web.Security.FormsAuthentication.GetAuthCookie(User.Identity.Name.ToString(), true);
MyCookie.Domain = "abc.com";
Response.AppendCookie(MyCookie);
Response.Redirect("http://subdomain.abc.com/");
S.Krishna
  • 868
  • 12
  • 26
  • You can share a cookie across domain. I've updated my answer (Update#1) with a .NET snippet as an example – S.Krishna Jun 11 '15 at 04:27
  • @S.Krishna Thanks for your valuable answer. I cant do anything to another app i.e. app2 as per my question. It is a third party service it require username and password either by get or post. But for users I dont want to expose username and password. – Sunil Sharma Jun 11 '15 at 05:39
  • @Arvind I am sure you got the question very clearly . – Sunil Sharma Jun 11 '15 at 05:42
0

You can use post method to send parameters in another page. For that you can use AJAX POST request to another page and get the response of that page also.

Amit Das
  • 1,077
  • 5
  • 17
  • 44
  • Dar Dear I don't want to use client side ajax or form submit. because I have to pass username and password. If i do so any one can see username and password either by view-source or by see the code of js file. – Sunil Sharma Jun 11 '15 at 05:36
  • if you use POST method in AJAX. then no one can see it – Amit Das Jun 11 '15 at 06:01
  • but I have to send username and password in post parameters. Username and password is hard coded, i am not asking user to give username and password. – Sunil Sharma Jun 11 '15 at 08:20
  • Bro you are not clearly getting my point . For the shake of clarity. $.ajax({ url:"www.app2.com/login.jsp", data:{username:"abc",password:"xxx"}, method:"post", success:function(){}, error:function(){} }); If I do code like above anyone can view this file .. Now I hope you got my point. – Sunil Sharma Jun 11 '15 at 08:28
0

Please refer to the answer given here...

and Honestly I would go for this...

ServletContext context = this.getServletContext();
RequestDispatcher dispatcher = context.getRequestDispatcher("/otherurltoservlet");

// change your request and response accordingly like setting the parametrs, body etc

dispatcher.forward(request, response);
Community
  • 1
  • 1
Noushad
  • 384
  • 3
  • 11
  • Can you please tell me where I have to pass username and password and also url for my second app ?? I have only a jsp page from where i have to call another page of another application with username and password as post params . – Sunil Sharma Jun 11 '15 at 08:23