You could try to develop a AuthenticationSuccessHandler for the legacy application and have it set the Autentication from SecurityContext in a shared memory between the two application on success. On logout, destroy the object.
You could try to develop a AuthenticationSuccessHandler for the legacy application and have it set the Autentication from SecurityContext in a shared memory between the two application on success. On logout, destroy the object.