Welcome to the Java Programming Forums


The professional, friendly Java community. 21,500 members and growing!


The Java Programming Forums are a community of Java programmers from all around the World. Our members have a wide range of skills and they all have one thing in common: A passion to learn and code Java. We invite beginner Java programmers right through to Java professionals to post here and share your knowledge. Become a part of the community, help others, expand your knowledge of Java and enjoy talking with like minded people. Registration is quick and best of all free. We look forward to meeting you.


>> REGISTER NOW TO START POSTING


Members have full access to the forums. Advertisements are removed for registered users.

Results 1 to 3 of 3

Thread: Best way to automatically login user from a customer's web site.

  1. #1
    Junior Member ess_stegra's Avatar
    Join Date
    Feb 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question Best way to automatically login user from a customer's web site.

    I have a trade show application that I want to integrate with a customers conference registration application. For example, Big Trade Association has user John Doe register for Big Trade Association's fall conference.
    1. John Doe logs in to Big Trade Association's web site and registers for the conference.
    2. After completing his registration, John Doe selects "Schedule Appointments With Other Attendees" from Big Trade Association's menu.
    3. At this point, John Doe is transferred to my web site where he can select who he wants to meet with. At this point I want to:
    a) Know that John Doe is on my web site without requiring John Doe to log in a second time.
    b) Securely transfer John Doe's identifying information to my web site.
    c) Prevent a third party from being able to spoof John Doe's identity and be able to look at what information John Doe has entered on my web site.
    d) Not require Big Trade Association to let me know in advance, who might log on to my web site. In other words, John Doe might
    * Navigate to Big Trade Association's web site
    *Join Big Trade Association
    *Register for Big Trade Association's fall conference
    *Immediately click on the "Schedule Appointments With Other Attendees" link on Big Trade Association's web site.

    Any pointers on what technologies I might want to look at or any other pointers for the best way to accomplish this? Thanks in advance.


  2. #2
    Super Moderator Json's Avatar
    Join Date
    Jul 2009
    Location
    Warrington, United Kingdom
    Posts
    1,274
    My Mood
    Happy
    Thanks
    70
    Thanked 156 Times in 152 Posts

    Default Re: Best way to automatically login user from a customer's web site.

    Hello there,

    This kind of sounds like it needs the same design as a payment solution.

    Basically Big Trade Association tells you that they want John Doe to access your site securely, so you reply by telling them what URL they need to go to. They then redirect John Doe to that url. You then notice that someone has arrived at that url and when the session is created on your side you can link that session to John Doe.

    However if you want Big Trade Association to also send you details of John Doe then they should probably do this in the first call to your site. All of this communication should also be done over HTTPS/SSL to ensure that the user data is harder to capture.

    Hope this helps.

    // Json

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Location
    Orpington, Kent, UK
    Posts
    18
    Thanks
    0
    Thanked 9 Times in 8 Posts

    Default Re: Best way to automatically login user from a customer's web site.

    Sounds like you want John Doe to automatically sign in to the site he is being redirected to without being challenged for his user credentials again.

    To do this securely you need a Single Sign-on solution, these can be expensive and require a certain level of configuration on the server, though there are free ones availble OpenSSO I believe is one., they effectively allow a user's credentials to be propogated to other websites securely, though both sites need to be programmed to use this method.

    Assuming that both sites have their own authentication process your code would have to automatically sign him in, to do this it needs his user credentials (i.e. username and password), this is not stuff you want to pass around via the URL. for security reasons.

    I have worked on quite a few systems where a security audit was performed, and believe me that approach would not have produced a very good security rating.

Similar Threads

  1. Login form on webpage
    By rosebabz in forum JDBC & Databases
    Replies: 0
    Last Post: January 14th, 2010, 10:34 AM
  2. simple login web service
    By mr_aliagha in forum JavaServer Pages: JSP & JSTL
    Replies: 3
    Last Post: January 5th, 2010, 03:49 PM
  3. Netbeans User Manual
    By systech44 in forum Java IDEs
    Replies: 1
    Last Post: December 8th, 2009, 12:56 PM
  4. Replies: 1
    Last Post: July 28th, 2009, 03:15 AM