How to wrap Plone authentication around a third-party servlet?
Posted
by
smocking
on Stack Overflow
See other posts from Stack Overflow
or by smocking
Published on 2012-08-28T20:40:44Z
Indexed on
2012/08/29
9:38 UTC
Read the original article
Hit count: 245
We're using Plone to serve up some third-party middle-ware.
Unfortunately the middle-ware has a particular servlet that gets invoked from a Java applet and doesn't do any kind of authentication. I would like to firewall this off and somehow wrap authentication around it, preferably using the existing session that users will have on Plone.
My first idea was to configure nginx (which we're using as the reverse proxy) to check the cookie and only proxy if the user has a valid session (along the lines of this example). However, how to check the session ID against Plone, since it's all stored in the Zope database?
Alternatively we could have a Plone python script that basically passes everything along to the back-end after authenticating, but I'm not sure how to do that.
Any suggestions? Or alternative ideas?
© Stack Overflow or respective owner