Advice on using one application as a front-end for logging into another
application
I've written an app in Grails using Spring Security that can handle all of
the user-oriented tasks like login, logout, reset password, and new user
registration with email verification. The app also can manage user roles
and the like. It has its own postgres database to store user information.
I want to use the Grails app as a front-end for another legacy Tomcat GWT
app that uses Spring Security and that only has login/logout, and it
depends on user data being populated through LDAP. It has no user
registration front end, or reset password functionality. The legacy app
has its own postgres database with user information.
I plan on running two instances of Tomcat on two different ports on the
same machine to host these two apps. Both apps will have access to all
databases.
The question is, what is the best way to have the Grails app accept
logins, and then pass the user on to the legacy app? Am I describing
Single Sign On?
The legacy app has code for preauthentication, but it looks to me like
just passing a user name through the request header is not secure! How
would the legacy app know that the user is really logged in? I've been
reading a little about Secure Remote Passwords, and I'm wondering if it
might be a way to handle securely logging into the Grails app, and passing
off control to the legacy app?
Any advice is appreciated!
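An added example, not part of the original post, illustrating the concern raised above: a bare username in a request header can be typed by anyone, whereas an HMAC-signed, short-lived pre-authentication token lets the legacy app check that the front-end really issued it. The class name, the shared-secret handling and the one-minute lifetime are assumptions for the illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Hypothetical helper shared by the Grails front-end (mint) and the legacy app (verify). */
public final class PreAuthToken {
    private static final long MAX_AGE_MILLIS = 60_000; // assumed lifetime: one minute
    private final byte[] sharedSecret;                  // same secret deployed to both Tomcat instances

    public PreAuthToken(byte[] sharedSecret) { this.sharedSecret = sharedSecret.clone(); }

    /** Front-end side: username|issuedAt|base64url(HMAC-SHA256(username|issuedAt)). */
    public String mint(String username, long issuedAtMillis) {
        String payload = username + "|" + issuedAtMillis;
        return payload + "|" + Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(payload));
    }

    /** Legacy side: returns the username only if signature and timestamp check out, otherwise null. */
    public String verify(String token, long nowMillis) {
        String[] parts = token.split("\\|", -1);
        if (parts.length != 3 || parts[0].isEmpty()) return null;
        long issuedAt;
        try { issuedAt = Long.parseLong(parts[1]); } catch (NumberFormatException e) { return null; }
        if (nowMillis < issuedAt || nowMillis - issuedAt > MAX_AGE_MILLIS) return null; // expired or from the future
        byte[] expected = hmac(parts[0] + "|" + parts[1]);
        byte[] actual;
        try { actual = Base64.getUrlDecoder().decode(parts[2]); } catch (IllegalArgumentException e) { return null; }
        return MessageDigest.isEqual(expected, actual) ? parts[0] : null; // constant-time comparison
    }

    private byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(sharedSecret, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        PreAuthToken t = new PreAuthToken("replace-with-a-long-random-secret".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis();
        String token = t.mint("alice", now);
        System.out.println(t.verify(token, now + 1_000));                          // alice
        System.out.println(t.verify(token.replace("alice", "admin"), now + 1_000)); // null: signature no longer matches
        System.out.println(t.verify(token, now + 120_000));                        // null: expired
    }
}
```

The token must still travel only over TLS, and the legacy side would call verify from its pre-authentication filter instead of trusting the raw header value.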