Non-java webApp to authenticate against Java servlet

Question

Hi,

We have a J2EE webapp deployed to JBoss. This webapp is used for authentication purposes.

Now we would like to have other webApps that are not written in java to communicate and authenticate against this webapp. The reason we want to do this is: Suppose we have a small webapp that does simple task for the user. This webapp could be implemented purely with the plain html stack plus a little bit of javascript, hence we would like to not introduce the complexity of j2ee into it.

Is there any good way of doing this both secured and efficiently?

---

More Info: The webapp used for authentication is a huge J2EE program with other functionalities. We'd like to slowly get rid of it, and part of this process involves moving some of its functionalities outside the stack.

At this phase, we are leaving the authentication module as is, and start with other parts of the program (hence why we don't want to bundle these small webapps with the main program and uses j2ee).

Answer 1

You can put static HTML and Javascript inside a JEE Web app. Why not just put it there since you have the application anyway (and need it for authentication I assume) and then add appropriate mappings to your web.xml so you can only access those pages if you're logged in.

It's a little difficult to answer because I'm not sure exactly what these other pages will be doing, how they will relate to the Java Web app and so on.

Answer 2

If all you need is authentication, here's a small and lightweight open source library, http://spnego.sourceforge.net, that is installed as a servlet filter.

They also have examples on how to use a SOAP client with a protected web service.