Single Sign on with Java Swing App
Piot Lee
authentication and authorisation.
Question: Can I the Java Swing App that is the frontend of a J2EE
Application, use the SSO server to make one single logon?
The SSO Appserver is a Servelt and would send Webservices to the J2EE
Application Server to "report" the state of the authorisation
Richard Attermeyer
this actually depends on the way the SSO mechanism works. It also depends on
the security you want.
One possible solution that we currently employ for a non critical system
that uses a Swing Client that communicates with a Server using SOAP is:
* Call a logon2soap servlet when the application is invoced
a) generate a application specific key and add this to the ap
plet parameters
* Set the endpoint for the SOAP Proxy in the Swing client so it includes
this key
* Install a front servlet that does the authentication (based on the key)
and dispatch the request to the rpcrouter servlet
Implementing SSO is not an easy task if you want to make it convenient (for
the user and the application client programmer) and secure.
There is no general answer to your question.