I am throwing up this question here; hopefully I will get some helping words from the experts here.
I am working on a Java-based large platform (BMC Remedy) that has an application to manage a database. One can log in with their username and password and do whatever is allowed to their group ID. Now from inside that software I can launch another independent servlet application that also accesses the same database. My requirement is to implement the access privilege or user group access from the parent application to this one, knowing that there is no relation in between apart from a few parameters that are passed in the URL. If I pass the group ID as another parameter, one can easily tamper with it from the browser window and gain access to unauthorized data.
Another limitation is that I cannot redirect the user to a login window in this servlet app, as this is also another third-party API that allows limited customization.
Is this possible? Any help appreciated.
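
One way to make the group ID parameter tamper-evident, as an added example that is not part of the original post: the parent application signs the launch parameters with HMAC-SHA256 and the servlet verifies the signature before trusting the group ID. It assumes both applications can hold a shared secret and that the parent can append computed values to the launch URL; all class, method and parameter names are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SignedLaunchParams {
    // Assumption: a secret provisioned to both applications out of band
    // (loaded from protected config in practice, never sent in the URL).
    private static final byte[] KEY =
            "constructed-demo-key-change-me".getBytes(StandardCharsets.UTF_8);

    static String sign(String user, String groupId, long expEpochSec) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        // Length-prefix each field so ("ab","c") and ("a","bc") cannot produce the same message.
        String msg = user.length() + ":" + user + "|"
                + groupId.length() + ":" + groupId + "|" + expEpochSec;
        byte[] tag = mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Parent application side: query string appended to the servlet URL.
    // Sample values are assumed URL-safe; URL-encode real values.
    static String buildQuery(String user, String groupId, long nowSec, long ttlSec) throws Exception {
        long exp = nowSec + ttlSec;
        return "user=" + user + "&group=" + groupId + "&exp=" + exp
                + "&sig=" + sign(user, groupId, exp);
    }

    // Servlet side: trust the group ID only if the signature matches and the link is still fresh.
    static boolean verify(String user, String groupId, long exp, String sig, long nowSec) throws Exception {
        if (sig == null || nowSec > exp) return false;
        byte[] expected = sign(user, groupId, exp).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison: does not reveal how many leading bytes matched.
        return MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        long now = 1_700_000_000L; // constructed timestamp
        String sig = sign("alice", "1001", now + 60);
        System.out.println(buildQuery("alice", "1001", now, 60));
        System.out.println("untampered:   " + verify("alice", "1001", now + 60, sig, now));
        System.out.println("group edited: " + verify("alice", "1", now + 60, sig, now));
        System.out.println("expired:      " + verify("alice", "1001", now + 60, sig, now + 120));
    }
}
```

A signed link can still be replayed until `exp` passes, so keep the lifetime short and serve the launch URL over HTTPS.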