Multiple-Application Login

I’m trying to handle an integration between a humongous code-base Java application (doing basic stuff) with a new Rails application (talking about injecting Rails transparently). Handling login (multi-application logins) was my first obstacle, and after talking with Steven and Brenton, I came up with the following implementation:

123456789101112131415161718192021require 'rubygems'require 'hpricot'require 'mechanize'class WelcomeController < ApplicationController...  def login    agent = WWW::Mechanize.new    page = agent.get('http://example.com')    login_form = page.form('loginForm')    login_form.username = params['username']    login_form.password = params['password']    page = agent.submit(login_form, login_form.buttons.first)    cookie = agent.cookies.first    cookies["JSESSIONID"] = {:value => pet_cookie.value, :path => '/', :domain => 'example.com'}  end...end

Of course this is just the basic stuff (no error handling, no response checking, no cookie review, …)

The idea is to use Mechanize to simulate the browser actions from within the controller, log-in to the second application, set up a first-application session cookie with the same name/value pair as that of the returned cookie from the first application. I’m not sure that this covers all the basis but it’s not a bad start. Muhammad has also mentioned the idea of having Rails session cookies written with the same name/value pair as those of the Java application.

Thoughts?

The require ‘hpricot’ line is not required as of last year sometime, since Mechanize includes it now—unless you’re after bleeding edge stuff in hpricot perhaps, although Aaron keeps the version of hpricot included pretty up to date.