1

I have a Java Enterprise Edition web application, a standard WAR. I want to integrate this with an existing .NET infrastructure running IIS. To be specific, I need to be able to share user sessions between the two applications in some secure manner.

Is there a "standard" way of doing this?

Edit: I do not need full session sharing, sorry for not pointing that out. What I need to be able to do is to check if a user is authenticated with the .NET application when she connects to the Java EE application.

Improve this question
3
  • Do you need to share all data the users have in theirs J2EE web session (or perhaps just some of them), or do you rather want to have them single only once and be able to access both applications? Commented May 7, 2009 at 13:36
  • Soory, too many typoos, please disregard the above comment :) Do you need to share all data the users have in theirs J2EE web session (or perhaps just some of the data) with the .NET applications, or do you rather want to have the the users sign in only once and then be able to access both J2EE and .NET apps? Commented May 7, 2009 at 13:39
  • I only need the authentication - see my edit in the question. Sorry for not pointing that out! Commented May 7, 2009 at 13:40

4 Answers 4

Reset to default
2

Create a .NET web service (using WCF, of course) to return whether a user is authenticated. Then call that web service from the Java EE application.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Is there a way to do this without the user having to write in any credentials? I was thinking about some form of cookie stealing, but the same origin policy applies to ports as well as domains if I'm not mistaken..
I don't know enough about J2EE to answer this. I presume you'd somehow have to communicate the .NET session id to Java so it could supply that in the web service call.
0

Very doubtful.

You'd have to persist session state to a third component, such as a database. I doubt that the built-in providers for either infrastructure are at all similar (as far as schemas, etc); so you'd like have to create your own.

This does not sound like it would be a fun thing to do.

Improve this answer

1 Comment

Ok, my answer is probably no longer applicable now that you've clarified you are just interested in single-signon.
0

If they will run on the same server, you will need an isapi redirect filter, like the isapi_redirect.dll that comes with Tomcat.

Improve this answer

Comments

0

This open source library, http://spnego.sourceforge.net, will enable your java app to do transparent/integrated windows authentication.

It's installed as a servlet filter so you will not have to write any code.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.