The project I've been working on for the past year has branched into an interesting new direction.
We are have been using Ruby on Rails to implement one of the modules, because we needed something fast and simple as well as giving the developers a break from enterprise Java, which runs the entire system.
This leads to an interesting point. How do you integrate the two? Obviously you can just link between them and the user will never know. This does however raise a security issue, since you'd either have to re-authenticate or leave the Rails module totally open. The former will annoy the users, the latter will be unsafe. Both will lead to the Java session (JBoss in my case) to time out.
A simple solution is needed.
After a brief discussion on #rubyonrails, the following method suggested itself:
1. Build a small REST or Webservice component in Java that runs within the Java application server in question. This component will, given a session ID, pronounce whether it is a valid session or not.
2. Make sure the link to your Rails component includes the session ID.
3. Have the Ruby code call the REST/WS component to verify whether to let the user in or not.
4. Let Java App. server serve up a 1x1 transparent GIF.
5. Include this GIF in all Rails pages and be sure to include the session ID in the URL. This will keep the Java App. server session alive (hopefully!).
6. Voila!
I guess the scheme could be extended to check for the presence of this GIF and have Rails redirect to the Java app. server's sign-in page in case of a failure...
Anyway, many thanks to Patpatnz of #rubyonrails for his help on getting this worked out. Oh and for the name too:
RAJ (Rails And Java)
I'll come back with more details after implementation! There are bound to be several caveats and if/buts, but it seems doable.
Remember, you heard it here first!
