Solution for handling Spring security session Id in different wed apps

[tezavrat]

Hi,

I have 2 web application on different wed servers: Core (Spring 3.0.5, Spring Security 3.0.5, PostgreSQL) and Red5

I need to develop the next workflow:

1. User logins in Core
2. System returns web page with simple html and flex app
3. User streams audio on Red5 by flex app
4. Red5 uses Core to check if user is logged in
5. Red5 sends file to Core
6. Core identifies that a file come from appropriate user
7. Core stores file in related user's folder

I have configured Spring Security at Core, flex client which streams audio to Red5, servlet on Red5 which stores audio in flv file and have access to this file.

My idea is:

1. In case of successful login Core returns sessionId
2. At the end of recording flex app sends sessionId to Red5 server
3. Red5: makes http get request with sessionId to Core
4. Core returns "true" in case of user was logged in
5. Red5: makes http post request with 2 parameters: file and sessionId
6. Core identifies user and stores file in user's folder

Please provide mechanism how to get this sessionId, how to check if user is logged in and how to get user by this sessionId or better approach to implement described workflow

[Rob Winch]

If I were you I would try to stick to something a little more standard. Spring Security Extensions has support for OAuth which would seem like a better fit.

[tezavrat]

Thanks for this solution. I thought about to use oauth. But as I saw in Tonr 2 we need to add Spring Security configuration to OAuth consumer. It is not easy to do in already configured application such as Red5. Maybe you can suggest how to develop OAuth consumer without configuration Spring Security Extensions.

[Rob Winch]

You might take a look at the java section of the oauth code page.

[tezavrat]

Suggested libs are for OAuth 1. What about OAuth 2 ?

Do you think that using OAuth 1 is better approach for now ? (until OAuth 2 will be finished or better supported)