Announcement Announcement Module
Collapse
No announcement yet.
how to keep user authentication across multiple Tomcat instances Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • how to keep user authentication across multiple Tomcat instances

    Hello Everyone,

    I'm new to Spring Security and have no idea what features are available for keeping user authentication across multiple Tomcat instances.

    I've read the documentation and some tutorials and still got nothing.

    This new assignment has to be accomplished soon.

    Please give me advises where I can find information about that.

    Really appreciate any helps.

  • #2
    Multiple instances of the same application (i.e. load balanced)? Or different applications?

    Comment


    • #3
      thank you, Peter.

      It's the same application in differenct tomcat instances.

      Comment


      • #4
        If you are using session replication already (which I assume you are), you shouldn't have to do anything. Spring Sec stuffs authentication information in the HTTP session, and that's how it maintains state.

        Comment


        • #5
          thank you very much, peter. yes we're going to use session replication. That's good to know we don't need to do anything.

          The following are the requirements for the project:

          Code:
          1. User authentication persists across webserver restarts 
             -- no need for user to have to login again after a webserver restart.
          
          2. User authentication persists for access to multiple webapp contexts running in the same Tomcat instance.
            use Tomcat container single signon feature
            
          3. User authentication persists for access to multiple webapp contexts running in different Tomcat instances.
          
          prefer to use session-based authentication.
          You're already anwsered the requirement 3.
          Is the requirment 2 same as the requirment 3? Do I need to use CAS for the SSO besides Tomcat container single singnon feature.
          Is there a way to accomplish the requirment 1 in Spring security 3.0.

          Sorry about those many questions.
          Really appreciate your helps.
          Last edited by enterjavareg; Jan 27th, 2010, 12:15 PM.

          Comment


          • #6
            Seems to me that as long as you are doing session replication

            and single sign-on (SSO) via kerberos spnego, ntlm, etc.,

            you should be able to meet all of your requirements.

            Comment

            Working...
            X