Spring app Response to non-spring webapp

Question

I have two applications. One is a legacy webapp which is servlet-based. The other is a spring-based webapp. The legacy app has a page that has multiple jquery tabs. I want one of the tabs to act as an iframe to the spring based application. I have done the following to achieve that:

1. trigger an http post request (by openning and http url connection and writing to a printing to a writer) to the spring app, upon clicking on the tab name
2. the request contains information about the user in the legacy system, encrypted using a generated key shared on both systems
3. configure the spring mvc framework to intercept calls to the url and calls a method to process the request.

The request handling ideally should do the following:

1. decrypt the request data using the shared key
2. validate the request, license, etc
3. if the requester is deemed to be authentic and user has a valid license (uses an api for the license validation) then set up an account for the user and authenticate them programmatically into spring security
4. generate a random authentication key (to be used for future communications instead of the shared key)
5. send the random key back to legacy system (encrypted using the shared key)
6. direct the user to a specific page in the spring app

1,2 and 3 are complete, but I am struggling with 4 and 5. How can I send the second key to the legacy system and have the legacy system read it in using a buffered reader and then open the redirect page in the tab? Is it even possible in one response?

I used the @ResponseBody to return the key, but dont know how to send the redirect? p.s. feel free to ask me questions if anything is not clear

Answer 1

Solved it as follows:

1. the tab page on legacy application is preloaded with an iframe but without source, along with it a form with hidden fields is placed but without values, the form has the iframe as its target, and its action points to spring app url
2. when the tab page is opened, an ajax call is performed to a servlet on the legacy application
3. The servlet makes a call to the spring app on `/spring-url.do` with params. The call is performed by opening an `HttpURLConnection`.
4. `/spring-url.do` is intercepted by spring dispatcher and a method handles it as follows:
5. if it's the user's first time then generate a new key for them and write it to the response (it does so by forwarding the request to another controller whose return type is `@ResponseBody String`)
6. the response is read by the legacy application servlet and the key is persisted on the legacy app database for future communications
7. the servlet encrypts the user data using the new key and returns it to the ajax call
8. ajax success function reads the response and sets the value of the hidden form fields and programmatically submits the form
9. spring intercepts the url again, but this time it's an existing user, so it doesnot generate the new key, instead it validates the data and forwards request to a page on the spring app.