views:

29

answers:

1

Hi , I am working on a website built using GWT.Now i have an Iframe which actually opens up another website( for example say a Forum).Now all i want is a Single Sign On .That is once the user log's in into my system he is also automatically signed in into the forum and he can access the form with his username.

Now the forum is actually an Open Source Implementation using PHP. All i need is to pass the session variable which i have for my website to the php code on which the forum is built.

Please help

A: 

Here are a few points you need to be aware of:

All browser security rules apply. GWT is merely a javascript-to-html presentation. If you cannot pass information from a frame or iframe to another frame in Javascript, you cannot do it with GWT.

Just as with any HTML+Javascript client, GWT is merely a front-end for the log-in window that you are having. Any session information or cookie is still constrained by the "same origin" principle. GWT will not be able to help you dig into the cookie jars of the browser and pass them liberally around.

For client-server apps, you should look at GWT RPC. For cross-domain apps, you need to look at JSONP.

For unified or single sign-on, you need to look at OpenId. To share information across domains of a single sign-on, look at OAuth. For single sign-on for Google only, use Google accounts/federated login.

In a login operation, the GWT widgets used to accept login info will pass that info to the server thro GWT RPC.

Then the server would authenticate the sign-in and if authenticated, the server would trigger the appropriate session cookie to be set on the browser. This authentication process is regardless if you use GWT or Flash or anything else on the browser.

GWT will not be able to help you smash down the security wall the browser makers erected to prevent one site from reading the information of another site.

It may be that you need to understand the basic browser-client to http-server technologies first.

Blessed Geek