Announcement Announcement Module
Collapse
No announcement yet.
Global authentication between 3 webapps Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Global authentication between 3 webapps

    Hi:

    I've got 3 web application runnning into Tomcat 7: login.war , admin.war and stuff.war
    I want to secure admin.war and stuff.war by redirecting to a form-login page in login.war when accessing to protected resource
    So, if I access to a protected resource in admin.war

    ie, http://localhost:8080/admin/protected/file.properties

    , Spring Security redirects to login.war , ( http://localhost:8080/login/) , checks user/password/role and , if success , AuthenticationSuccessHandler bean determines URL to redirect by browser.
    In this case, http://localhost:8080/admin/protected/file.properties

    I tried it but when browser performs the last redirection, admin.war checks that this resource requires validation. And redirect to form-login page in login.war again.
    So, admin.war doesn't know that user was valid.

    Is there any way to implement a global authentication between many web applications?
    This "global authentication" implies SSO but I would like to implement without CAS o external libraries/servers.

    I means, I want to make something like a 'standard realm' for all web applications running under a same virtual host.

    What is the right way in Spring security to perform these steps?

    Thanks

  • #2
    hello... did you get your answer?? i'm facing the same problem here...

    thx

    Comment


    • #3
      Originally posted by wanted.alive View Post
      hello... did you get your answer?? i'm facing the same problem here...

      thx
      Sorry, but I don't.

      I couldn't use Spring with SSO. I had to use SSO mechanism integrated into Tomcat server

      Comment


      • #4
        One option is to use Tomcat's container managed single sign on and then use Spring's pre-authentication feature. However Tomcat's SSO feature is pretty basic, it's limited to a single server (unless you replicate sessions which quickly becomes a major bottleneck) and obviously it only works on Tomcat. However this would at least allow you to use Spring's authorization mechanisms.

        The best option would be to deploy a "real" single sign on system though

        Comment


        • #5
          Originally posted by thobson View Post
          The best option would be to deploy a "real" single sign on system though
          What is a real SSO system in this context?

          Comment

          Working...
          X