Announcement Announcement Module
Collapse
No announcement yet.
Sharing security between two web apps Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Sharing security between two web apps

    I need to be able to have two web apps share a login. I can have them on the same server if that is necessary. I've tried using the remember-me feature but that didn't work. Basically I have two war files deployed and am trying to get spring to share a login between two html files:

    http://localhost/myapp-1/a.html
    and
    http://localhost/myapp-2/b.html

    Both of my security context settings are setup like so (the only difference being the .html filename in the pattern):

    Code:
    <sec:global-method-security
    		pre-post-annotations="enabled">
    	</sec:global-method-security>
    
    	<sec:http use-expressions="true">
    		<sec:intercept-url pattern="/a.html" access="hasRole('ROLE_USER')"/>
    		<sec:intercept-url pattern="/**" access="permitAll"/>
    		
    		<sec:form-login />
    		<sec:logout />
    		<sec:remember-me key="myKey"/>
    	</sec:http>
    
    	<sec:authentication-manager>
    		<sec:authentication-provider>
    			<sec:jdbc-user-service data-source-ref="dataSource" users-by-username-query="SELECT USERNAME,PASSWORD,ENABLED FROM USERS WHERE USERNAME = ?"/>
    		</sec:authentication-provider>
    	</sec:authentication-manager>
    both of these configurations work perfectly fine individually, I was just hoping that when I login to one, it would recognize the same login on the other. Is this even possible? Is there a better way to do this?

  • #2
    What you are asking for is single sign on (and possible single logout also). There are several options:

    1) If you have two web apps on the same tomcat server you could use Tomcat's container managed single sign on (and Spring's pre-authentication mechanism)
    2) You could deploy something like CAS which is relatively simple (single logout can be a bit tricky though)
    3) You could use a SAML based platform like our Cloudseal service which benefits from a nice Spring namespace and zero installation. This is a commercial service but it's free for up to 50 users. Other SAML products include OpenAM and JOSSO

    Comment

    Working...
    X