Hello
I have a server side component which performs user authentication with the LDAP server. My organization has got a set of different web applications and all of them depend on this component for user authentication.
Now I need to make a common login UI component so that individual web application pages just need to include this on their pages and can perform authentication from this component. There is a requirement that the credentials should be transferred to the server in a secure manner.
The possible options that come to mind for this component are:
- A JSP tag library which can be included in the other web pages (of course they need to be Java applications)
- A simple HTML component
- A JavaScript-based widget
I would like to know whether handling login credentials through a JS-based framework will pose any security threats. If I include this JS component in a web page and if I want to perform login without disturbing the actual page, I will have to make an AJAX call to my server with the login credentials from a different domain. I am not sure whether this is the right way to implement this.
Also, can I make this AJAX invocation alone as an HTTPS request? Will the same-origin policy get violated in this scenario?
Best Regards gr