Login/Register Via Java Web App

  • I have a website that runs on Java (Tomcat, MySQL).

    I am in the process of adding a blog to the website by integrating WordPress into the website (ie: https://www.mysite.com/blog will be the domain of the WordPress blog, the rest will be my (non-WordPress) site).

    I want to have only one register/login and for that to be through the main (non-WordPress) site. Also, if a user is logged in to the main site, he should also be logged into the WP site.

    To do this I was thinking of doing the following:

    1) Move all current users into the wp_users table and add all new users to that table.

    2) Forward WP login to non-WP login form. Enter userId and random UUID into a custom table on WP database and attach the UUID as a parameter to the URL (which will also contain the url from which the user arrived, so if they arrived from the WP site it will forward them back to the WP site).

    3) On forum pages, if not logged in, check for UUID parameter and if it exists log the user in (with functions such as wp_set_current_user and wp_set_auth_cookie, etc.).

    Does this seem like a reasonable method? Is there a preferred way to do this? Are there any flaws with my proposed setup? I’m new to PHP and WP so I might have overlooked an easier solution.

    Thank you.

Viewing 6 replies - 1 through 6 (of 6 total)

  • We use an external LDAP app for authorization. You don’t have to move all the users first. On first visit to the WordPress installation, a user that is logged into our LDAP would be created in WordPress. It only requires 3 items to create an account: username, password, and email. We pull username and email from the LDAP and use a “fake” password for WordPress.

    In a plugin you can write code to do this using the init action

    Thread Starter theyuv

    (@theyuv)

    Thank you.

    Regarding this statement:
    “On first visit to the WordPress installation, a user that is logged into our LDAP would be created in WordPress”

    How do you know that said user is logged into your LDAP?
    When a “user” uses my WP site, I have no way of knowing that he is a user on my non-WP site.

    (I am not at all familiar with LDAP. I am using a Java web app as my external app).

    Thanks again.

    We set a cookie when they are logged into our LDAP app…You could do the same…just have your Java web app set a cookie once they are authenticated.

    Thread Starter theyuv

    (@theyuv)

    I see.

    Are you at all worried about the “fake password”? Specifically, someone can somehow access your WP login page and sign in as any user. Or, do you enter some random, difficult to crack password?

    Thanks.

    It’s a strong password, but the wp-login.php page is not available to anyone.

    Thread Starter theyuv

    (@theyuv)

    Did you just completely remove the wp-login.php file?

    Thanks.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Login/Register Via Java Web App’ is closed to new replies.