Announcement Announcement Module
No announcement yet.
Sharing security between two web apps Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Sharing security between two web apps

    I need to be able to have two web apps share a login. I can have them on the same server if that is necessary. I've tried using the remember-me feature but that didn't work. Basically I have two war files deployed and am trying to get spring to share a login between two html files:


    Both of my security context settings are setup like so (the only difference being the .html filename in the pattern):

    	<sec:http use-expressions="true">
    		<sec:intercept-url pattern="/a.html" access="hasRole('ROLE_USER')"/>
    		<sec:intercept-url pattern="/**" access="permitAll"/>
    		<sec:form-login />
    		<sec:logout />
    		<sec:remember-me key="myKey"/>
    			<sec:jdbc-user-service data-source-ref="dataSource" users-by-username-query="SELECT USERNAME,PASSWORD,ENABLED FROM USERS WHERE USERNAME = ?"/>
    both of these configurations work perfectly fine individually, I was just hoping that when I login to one, it would recognize the same login on the other. Is this even possible? Is there a better way to do this?

  • #2
    What you are asking for is single sign on (and possible single logout also). There are several options:

    1) If you have two web apps on the same tomcat server you could use Tomcat's container managed single sign on (and Spring's pre-authentication mechanism)
    2) You could deploy something like CAS which is relatively simple (single logout can be a bit tricky though)
    3) You could use a SAML based platform like our Cloudseal service which benefits from a nice Spring namespace and zero installation. This is a commercial service but it's free for up to 50 users. Other SAML products include OpenAM and JOSSO