Hi,
Not being resourceful in java, I do not know the right method to avoid an inject script saw the mixture java / js.
My goal is to use the login-password of the portal in a tomcat application and tomcat knows who the logged-in user is.
I know how to manage the login application in javascript thanks to the javascript API but I can not understand how to pass the information safely to Tomcat. How can tomcat control the token generated by the javascript (via the API Rest?) And return the identifier (see group) of the person who owns this token?
Another solution would be to provide the identification directly in java (tomcat) as is currently the case since the authentication is based on the corporate LDAP.
I hope to be quite clear in my explanations because it is not necessarily clear for me.
Guillaume ARNAUD
