I’ve been having a sour week (i.e. week starting last Thursday),
I had requirement to implement SPS Portal SSO and the current requirement was that users should seamlessly be logged in to a JSP system and be shown certain useful pages within a WebPart.
What had me stumped was I could screen scrape and login, but after retrieving a JSessionID for a logged in user, I was clueless on how to translate that to the browser.
There were a couple of approaches that I entertained
- Add the JSession Cookie to browser and redirect
-> That wouldn’t work coz Cross Domain Cookies are a no no!
- Emulate a browser, i.e. do the requests and responses yourself and output it to the response stream
-> Didn’t want to take that path coz of the complexity
And today quite by accident (because of my limited knowledge of JSP) I found out that JSessions can be transferred over a get request as a Url parameter; i.e. they don’t have to be in the request header (although I don’t know if every app server honors this). I sure wish I could have stumbled across this a few days earlier. It would have cut me a little slack.
So now I plan to heavily abuse it; i.e. IFrame to JSP Url with the JSessionID as query parameter.