
Passing session to a different machine in JSF

 
Akhil Pratap Singh
Greenhorn
Posts: 8
In my JSF application, the user starts on the primary server, where the session begins, and then the user is redirected to a different server using sendRedirect. I want to pass some authentication token to the next server from the primary server. I am trying to set a session attribute as:


And then send it to the next server as:




But this attribute is not reaching the new server. I cannot pass this auth_token as a request parameter, as that won't be secure. So how do I get some session data to the new server?
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Likes 1
On a different server you'll have a different session, so that won't work. Maybe SSO is what you really need? See http://www.coderanch.com/how-to/java/SecurityFaq#web-apps for some Java implementations.

Or maybe you can pass a cryptographically secure token as part of the URL that the target machine can use to look up any required information in a shared DB? This token would have to expire quickly, and be valid for just this particular user, so that it can't be captured and reused.
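
A sketch of the short-lived, single-use URL token suggested in the reply above, added here as an example and not code from the thread. The class name, the 30-second lifetime, the sample user id, and the in-memory map standing in for the shared DB are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical class; the in-memory map stands in for the shared DB both servers can reach.
public class HandoffTokens {
    private record Entry(String userId, Instant expires) {}

    private static final Duration TTL = Duration.ofSeconds(30); // assumed lifetime: keep it short
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Entry> sharedStore = new ConcurrentHashMap<>();

    // Primary server: call just before sendRedirect and append the result to the target URL.
    public String issue(String userId, Instant now) throws Exception {
        byte[] raw = new byte[32];                       // 256 bits from a CSPRNG
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sharedStore.put(digest(token), new Entry(userId, now.plus(TTL)));
        return token;
    }

    // Target server: returns the user the token was issued for, at most once and only before expiry.
    public Optional<String> redeem(String token, Instant now) throws Exception {
        Entry e = sharedStore.remove(digest(token));     // atomic remove makes the token single-use
        if (e == null || now.isAfter(e.expires())) return Optional.empty();
        return Optional.of(e.userId());                  // identity comes from the store, not the URL
    }

    // Only a hash is stored, so reading the shared store does not reveal usable tokens.
    private static String digest(String token) throws Exception {
        byte[] h = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(h);
    }

    public static void main(String[] args) throws Exception {
        HandoffTokens tokens = new HandoffTokens();
        Instant t0 = Instant.now();
        String tok = tokens.issue("user-42", t0);                     // constructed sample user id
        System.out.println(tokens.redeem(tok, t0.plusSeconds(5)));    // first use, within the lifetime
        System.out.println(tokens.redeem(tok, t0.plusSeconds(6)));    // replay of the same token
        String late = tokens.issue("user-42", t0);
        System.out.println(tokens.redeem(late, t0.plusSeconds(31)));  // presented after expiry
    }
}
```

Against a real shared database the lookup and delete in `redeem` need to be one atomic operation, otherwise two concurrent requests could both redeem the same token. URLs end up in server logs and Referer headers, which is why the token is useless after its first redemption or its expiry.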
 
Tim Holloway
Bartender
Posts: 18415
58
Android Eclipse IDE Linux
Inter-vm HttpSession sharing isn't a JSF characteristic. It's something that typically has to be configured in the webapp server itself - assuming that the server in question supports such a feature.

Now as far as passing a token for a Do-It-Yourself login system around, DIY logins are notoriously secure even without such complications. The J2EE standard security system can be configured to use an SSO Realm and in that case, not only do you get proven pre-debugged security, but you don't have to do tricks with HttpSession at all.
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Likes 1
Tim Holloway wrote:...notoriously secure ...


I am certain that is meant to read "notoriously insecure" :)
 
Tim Holloway
Bartender
Posts: 18415
58
Android Eclipse IDE Linux
Ulf Dittmer wrote:
Tim Holloway wrote:...notoriously secure ...


I am certain that is meant to read "notoriously insecure" :)


Indeed. As in wet tissue paper.
 